
Windows Analysis Report
gTU8ed4669.exe

Overview

General Information

Sample name:gTU8ed4669.exe
renamed because original name is a hash value
Original sample name:2177e5dd54a3815b8535b4e6902c1777.exe
Analysis ID:1578932
MD5:2177e5dd54a3815b8535b4e6902c1777
SHA1:1cc1940a436cfa997f221ac2b16dfe57d7d0da11
SHA256:47ea422d6bd14500cf0851c83895445560363a19beddd3a8e9500922f217240a
Tags:exeuser-abuse_ch

Detection

Credential Flusher
Score:80
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Yara detected Credential Flusher
AI detected suspicious sample
Binary is likely a compiled AutoIt script file
Found API chain indicative of sandbox detection
Machine Learning detection for sample
Connects to many different domains
Contains functionality for execution timing, often used to detect debuggers
Contains functionality for read data from the clipboard
Contains functionality to block mouse and keyboard input (often used to hinder debugging)
Contains functionality to call native functions
Contains functionality to check if a debugger is running (IsDebuggerPresent)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to communicate with device drivers
Contains functionality to dynamically determine API calls
Contains functionality to execute programs as a different user
Contains functionality to launch a process as a different user
Contains functionality to launch a program with higher privileges
Contains functionality to modify clipboard data
Contains functionality to open a port and listen for incoming connection (possibly a backdoor)
Contains functionality to query CPU information (cpuid)
Contains functionality to read the PEB
Contains functionality to read the clipboard data
Contains functionality to retrieve information about pressed keystrokes
Contains functionality to shutdown / reboot the system
Contains functionality to simulate keystroke presses
Contains functionality to simulate mouse events
Contains functionality which may be used to detect a debugger (GetProcessHeap)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
OS version to string mapping found (often used in BOTs)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Sample execution stops while process was sleeping (likely an evasion)
Uses 32bit PE files
Uses code obfuscation techniques (call, push, ret)
Uses taskkill to terminate processes

Classification

  • System is w10x64
  • gTU8ed4669.exe (PID: 7920 cmdline: "C:\Users\user\Desktop\gTU8ed4669.exe" MD5: 2177E5DD54A3815B8535B4E6902C1777)
    • taskkill.exe (PID: 7972 cmdline: taskkill /F /IM firefox.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7980 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 8068 cmdline: taskkill /F /IM chrome.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 8076 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 8124 cmdline: taskkill /F /IM msedge.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 8132 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 8188 cmdline: taskkill /F /IM opera.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 6080 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • taskkill.exe (PID: 7328 cmdline: taskkill /F /IM brave.exe /T MD5: CA313FD7E6C2A778FFD21CFB5C1C56CD)
      • conhost.exe (PID: 7356 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • firefox.exe (PID: 7524 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • firefox.exe (PID: 7620 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
    • firefox.exe (PID: 3764 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 5356 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2280 -parentBuildID 20230927232528 -prefsHandle 2208 -prefMapHandle 2200 -prefsLen 25393 -prefMapSize 238472 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {adacb488-456f-4bdd-b503-fae0723e806e} 3764 "\\.\pipe\gecko-crash-server-pipe.3764" 194ece70b10 socket MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 3292 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4380 -parentBuildID 20230927232528 -prefsHandle 4320 -prefMapHandle 4316 -prefsLen 26408 -prefMapSize 238472 -appDir "C:\Program Files\Mozilla Firefox\browser" - {46853b82-603f-431f-9c20-12d6f5692070} 3764 "\\.\pipe\gecko-crash-server-pipe.3764" 194feec8210 rdd MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
      • firefox.exe (PID: 3080 cmdline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5064 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5056 -prefMapHandle 5052 -prefsLen 33559 -prefMapSize 238472 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdfaa482-0641-42af-836a-eca09acadf2a} 3764 "\\.\pipe\gecko-crash-server-pipe.3764" 194fd69f710 utility MD5: C86B1BE9ED6496FE0E0CBE73F81D8045)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Process Memory Space: gTU8ed4669.exe PID: 7920 | JoeSecurity_CredentialFlusher | Yara detected Credential Flusher | Joe Security |
    No Sigma rule has matched
    No Suricata rule has matched


    AV Detection

    Source: gTU8ed4669.exeAvira: detected
    Source: gTU8ed4669.exeReversingLabs: Detection: 28%
    Source: Submitted SampleIntegrated Neural Analysis Model: Matched 99.6% probability
    Source: gTU8ed4669.exeJoe Sandbox ML: detected
    Source: gTU8ed4669.exeStatic PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.11:49745 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.160.144.191:443 -> 192.168.2.11:49746 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.11:49759 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.11:49774 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.11:49775 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.11:49792 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.11:49799 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.11:49829 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.11:49830 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 151.101.1.91:443 -> 192.168.2.11:49833 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.149.100.209:443 -> 192.168.2.11:49839 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.11:49840 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.11:49842 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 35.244.181.201:443 -> 192.168.2.11:49841 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.11:49912 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.11:49911 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.11:49913 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.11:49914 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.11:49915 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 34.120.208.123:443 -> 192.168.2.11:49916 version: TLS 1.2
    Source: Binary string: webauthn.pdb source: firefox.exe, 0000000E.00000003.1467123374.00000195094C1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000E.00000003.1501991292.00000194FA49B000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: ktmw32.pdb source: firefox.exe, 0000000E.00000003.1465616842.00000194FA495000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdb source: firefox.exe, 0000000E.00000003.1500900106.00000194FA4A6000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000E.00000003.1467123374.00000195094C1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000E.00000003.1501991292.00000194FA49B000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000E.00000003.1500900106.00000194FA4A6000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: ktmw32.pdbGCTL source: firefox.exe, 0000000E.00000003.1465616842.00000194FA495000.00000004.00000020.00020000.00000000.sdmp
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008DDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_008DDBBE
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008AC2A2 FindFirstFileExW,0_2_008AC2A2
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008E68EE FindFirstFileW,FindClose,0_2_008E68EE
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008E698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_008E698F
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008DD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_008DD076
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008DD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_008DD3A9
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008E9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_008E9642
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008E979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_008E979D
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008E9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_008E9B2B
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008E5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_008E5C97
    Source: firefox.exeMemory has grown: Private usage: 1MB later: 230MB
    Source: unknownNetwork traffic detected: DNS query count 31
    Source: Joe Sandbox ViewIP Address: 151.101.1.91 151.101.1.91
    Source: Joe Sandbox ViewIP Address: 34.149.100.209 34.149.100.209
    Source: Joe Sandbox ViewIP Address: 34.117.188.166 34.117.188.166
    Source: Joe Sandbox ViewIP Address: 34.160.144.191 34.160.144.191
    Source: Joe Sandbox ViewJA3 fingerprint: fb0aa01abe9d8e4037eb3473ca6e2dca
    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008ECE44 InternetReadFile,SetEvent,GetLastError,SetEvent,0_2_008ECE44
    Source: global trafficHTTP traffic detected: GET /canonical.html HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateCache-Control: no-cachePragma: no-cacheConnection: keep-alive
    Source: global trafficHTTP traffic detected: GET /success.txt?ipv4 HTTP/1.1Host: detectportal.firefox.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0Accept: */*Accept-Language: en-US,en;q=0.5Accept-Encoding: gzip, deflateConnection: keep-alivePragma: no-cacheCache-Control: no-cache
    Source: firefox.exe, 0000000E.00000003.1557541861.00003D5AD1903000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.1557541861.00003D5AD1903000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.facebook.com/*Z equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.1557135646.00001C9A76703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.youtube.com/* equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.1557135646.00001C9A76703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *://www.youtube.com/*Z equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.1603985117.00000194F9C7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: -l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Wikipedia&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer"><div class="top-site-inner"><a class="top-site-button" href="https://www.reddit.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="R"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/reddit-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Reddit<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Reddit&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" href="https://twitter.com/" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper" data-fallback="T"><div class="top-site-icon rich-icon" style="background-image:url(chrome://activity-stream/content/data/content/tippytop/images/twitter-com@2x.png)"></div></div></div><div class="title"><span dir="auto">Twitter<span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><div><button aria-haspopup="true" data-l10n-id="newtab-menu-content-tooltip" data-l10n-args="{&quot;title&quot;:&quot;Twitter&quot;}" class="context-menu-button icon"></button></div><div class="topsite-impression-observer"></div></div></li><li class="top-site-outer placeholder 
hide-for-narrow"><div class="top-site-inner"><a class="top-site-button" tabindex="0" draggable="true" data-is-sponsored-link="false"><div class="tile" aria-hidden="true"><div class="icon-wrapper"><div class=""></div></div></div><div class="title"><span dir="auto"><br/><span class="sponsored-label" data-l10n-id="newtab-topsite-sponsored"></span></span></div></a><button aria-haspopup="dialog" class="context-menu-button edit-button icon" data-l10n-id="newtab-menu-topsites-placeholder-tooltip"></button><div class="topsite-impression-observer"></div></div></li></ul><div class="edit-topsites-wrapper"></div></div></section></div></div></div></div><style data-styles="[[null]]"></style></div><div class="discovery-stream ds-layout"><div class="ds-column ds-column-12"><div class="ds-column-grid"><div></div></div></div><style data-styles="[[null]]"></style></div></div></main></div></div> equals www.twitter.com (Twitter)
    Source: firefox.exe, 0000000E.00000003.1559891384.0000019508DB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1605499130.0000019508DB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1610202493.0000019508DB5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8*://www.facebook.com/* equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.1557541861.00003D5AD1903000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8*://www.facebook.com/*Z equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.1584585922.0000019509047000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8*://www.youtube.com/* equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.1557135646.00001C9A76703000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8*://www.youtube.com/*Z equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.1577785080.0000019504E7D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.1584065842.00000195092E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1577785080.0000019504E59000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1558728624.00000195092E0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.1559891384.0000019508DB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1605499130.0000019508DB1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1610202493.0000019508DB5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.1584585922.0000019509047000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: 8www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.1602211299.00000194FD65A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.1602211299.00000194FD65A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: `https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.1558095839.00001AB06E804000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1557135646.00001C9A76703000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1577785080.0000019504E7D000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.facebook.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.1558095839.00001AB06E804000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1557135646.00001C9A76703000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.facebook.com/Z equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.1558095839.00001AB06E804000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1557135646.00001C9A76703000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1584065842.00000195092E0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 00000012.00000002.3200715003.0000020590E03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3201843113.000002A9EEB0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.facebook.com (Facebook)
    Source: firefox.exe, 00000012.00000002.3200715003.0000020590E03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3201843113.000002A9EEB0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.twitter.com (Twitter)
    Source: firefox.exe, 00000012.00000002.3200715003.0000020590E03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3201843113.000002A9EEB0C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/,https://www.facebook.com/,https://www.wikipedia.org/,https://www.reddit.com/,https://www.amazon.com/,https://twitter.com/ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.1558095839.00001AB06E804000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1557135646.00001C9A76703000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://www.youtube.com/Z equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.1584585922.0000019509047000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: moz-extension://7d71fa77-151c-427a-99c7-e68aa2a1f821/injections/js/bug1842437-www.youtube.com-performance-now-precision.js equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.1558095839.00001AB06E804000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1518013647.00000194FE8BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1557135646.00001C9A76703000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.1557135646.00001C9A76703000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1557819930.0000030082303000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.facebook.comZ equals www.facebook.com (Facebook)
    Source: firefox.exe, 0000000E.00000003.1558095839.00001AB06E804000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1557135646.00001C9A76703000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1584585922.0000019509047000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.1557135646.00001C9A76703000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1557819930.0000030082303000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: www.youtube.comZ equals www.youtube.com (Youtube)
    Source: firefox.exe, 0000000E.00000003.1431115714.00000194FDEAC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1601270232.00000194FDB88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1444272711.00000194FDEA9000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: x*://www.facebook.com/platform/impression.php* equals www.facebook.com (Facebook)
    Source: global traffic | DNS traffic detected: DNS query: prod.classify-client.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: detectportal.firefox.com
    Source: global traffic | DNS traffic detected: DNS query: youtube.com
    Source: global traffic | DNS traffic detected: DNS query: prod.detectportal.prod.cloudops.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: contile.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: spocs.getpocket.com
    Source: global traffic | DNS traffic detected: DNS query: prod.ads.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: content-signature-2.cdn.mozilla.net
    Source: global traffic | DNS traffic detected: DNS query: shavar.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: example.org
    Source: global traffic | DNS traffic detected: DNS query: ipv4only.arpa
    Source: global traffic | DNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: prod.content-signature-chains.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: push.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: firefox.settings.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: telemetry-incoming.r53-2.services.mozilla.com
    Source: global traffic | DNS traffic detected: DNS query: prod.remote-settings.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: support.mozilla.org
    Source: global traffic | DNS traffic detected: DNS query: us-west1.prod.sumo.prod.webservices.mozgcp.net
    Source: global traffic | DNS traffic detected: DNS query: www.youtube.com
    Source: global traffic | DNS traffic detected: DNS query: www.facebook.com
    Source: global traffic | DNS traffic detected: DNS query: www.wikipedia.org
    Source: global traffic | DNS traffic detected: DNS query: dyna.wikimedia.org
    Source: global traffic | DNS traffic detected: DNS query: youtube-ui.l.google.com
    Source: global traffic | DNS traffic detected: DNS query: star-mini.c10r.facebook.com
    Source: global traffic | DNS traffic detected: DNS query: www.reddit.com
    Source: global traffic | DNS traffic detected: DNS query: twitter.com
    Source: global traffic | DNS traffic detected: DNS query: reddit.map.fastly.net
    Source: global traffic | DNS traffic detected: DNS query: services.addons.mozilla.org
    Source: global traffic | DNS traffic detected: DNS query: normandy.cdn.mozilla.net
    Source: global traffic | DNS traffic detected: DNS query: normandy-cdn.services.mozilla.com
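Added triage helper, not part of the Joe Sandbox report: almost every row in this block is sourced from firefox.exe memory or from Firefox's own start-up traffic (captive-portal probe, remote settings, update, telemetry, push, Pocket, add-on blocklist, the new-tab Top Sites the report's own memory string lists), so the rows an analyst actually needs are buried. The script parses rows in the form shown above (fused or separated), strips the DER bytes that trail certificate URLs (the `0C`, `0N`, `05` tails are the SEQUENCE tag and length byte of the next X.509 element, not part of the URL), sorts hosts into Firefox infrastructure, PKI endpoints, Top Sites and a residual review bucket, and separately flags any browser-memory URL that points at a sign-in step, such as the accounts.google.com entry further down, which is the artifact consistent with the report's Credential Flusher detection (the browser being driven to a login page so the victim types credentials). The suffix tables, the CNAME set and the sign-in path heuristic are assumptions made for this example; the sample rows are constructed from entries in this section.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample: rows copied from the report section above. ROW_RE accepts
# both the fused "...sdmpString found ..." form and a "Source: x | String found" form.
SAMPLE_ROWS = """\
Source: global trafficDNS traffic detected: DNS query: detectportal.firefox.com
Source: global trafficDNS traffic detected: DNS query: prod.balrog.prod.cloudops.mozgcp.net
Source: global trafficDNS traffic detected: DNS query: www.facebook.com
Source: global trafficDNS traffic detected: DNS query: star-mini.c10r.facebook.com
Source: firefox.exe, 0000000E.00000003.1560826626.0000019507313000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
Source: gmpopenh264.dll.tmp.14.drString found in binary or memory: http://ocsp.digicert.com0C
Source: firefox.exe, 0000000E.00000003.1467346427.00000194FA476000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: firefox.exe, 0000000E.00000003.1442238136.0000019506999000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
"""

ROW_RE = re.compile(
    r"^\s*Source:\s*(?P<source>.*?)\s*\|?\s*"
    r"(?P<kind>String found in binary or memory|DNS traffic detected: DNS query):\s*"
    r"(?P<value>\S.*?)\s*$"
)
# A URL lifted out of an X.509 extension (AIA/CRL) is followed in memory by the
# next DER element: a 0x30 SEQUENCE tag ("0") and one length byte. Strip that tail
# only when what remains is a bare host, a bare "/", or a .crl/.crt/.cer path.
DER_TAIL_RE = re.compile(r"^(?P<url>https?://[^/\s]+(?:/\S*?\.(?:crl|crt|cer)|/)?)0.?$")
HOSTNAME_RE = re.compile(r"[A-Za-z0-9-]+(?:\.[A-Za-z0-9-]+)+")
# Heuristic (assumption): a path segment that names a sign-in step.
CRED_PATH_RE = re.compile(r"/(?:signin|login|challenge)(?:/|$)", re.I)

# Suffix tables (assumptions for this example). Firefox contacts these itself.
FIREFOX_INFRA = ("mozilla.com", "mozilla.org", "mozilla.net", "mozgcp.net",
                 "firefox.com", "getpocket.com")
# AIA/OCSP/CRL hosts of the code-signing and TLS certificates seen in the report.
PKI_ENDPOINTS = ("digicert.com", "lencr.org", "thawte.com", "symantec.com")
# New-tab Top Sites defaults, taken from the report's own memory string, plus the
# CDN names they resolve to in the DNS list (matched by name only).
TOP_SITES = ("youtube.com", "facebook.com", "wikipedia.org", "reddit.com",
             "amazon.com", "twitter.com")
TOP_SITE_CNAMES = {"youtube-ui.l.google.com", "reddit.map.fastly.net", "dyna.wikimedia.org"}
# Connectivity probes: example.org for the portal check, ipv4only.arpa for RFC 7050 NAT64 discovery.
PROBE_HOSTS = {"example.org", "ipv4only.arpa", "127.0.0.1"}


def _under(host, suffixes):
    return any(host == s or host.endswith("." + s) for s in suffixes)


def parse_row(line):
    """Split one report row into source, kind ('string' or 'dns') and value."""
    m = ROW_RE.match(line)
    if not m:
        return None
    kind = "string" if m["kind"].startswith("String") else "dns"
    return {"source": m["source"], "kind": kind, "value": m["value"]}


def normalize_url(s):
    """Drop the DER tail that trails certificate URLs (e.g. 'ocsp.digicert.com0C')."""
    m = DER_TAIL_RE.match(s)
    return m["url"] if m else s


def extract_host(value):
    if "://" in value:
        try:
            return urlsplit(value).hostname  # urlsplit lower-cases the host
        except ValueError:
            return None
    return value.lower() if HOSTNAME_RE.fullmatch(value) else None


def classify_host(host):
    host = host.rstrip(".")
    if host in PROBE_HOSTS:
        return "probe"
    if _under(host, FIREFOX_INFRA):
        return "firefox_infra"
    if _under(host, PKI_ENDPOINTS):
        return "pki_endpoint"
    if host in TOP_SITE_CNAMES or _under(host, TOP_SITES):
        return "top_sites"
    return "review"


def triage(report_text):
    """Bucket every DNS query and memory URL; return {bucket: sorted values}."""
    buckets = defaultdict(set)
    for line in report_text.splitlines():
        row = parse_row(line)
        if row is None:
            continue
        value = normalize_url(row["value"]) if row["kind"] == "string" else row["value"]
        host = extract_host(value)
        if host is None:
            continue
        bucket = classify_host(host)
        # A sign-in URL in browser memory is the artifact that matters for a
        # credential-flushing sample, whichever domain it sits on.
        if row["kind"] == "string" and CRED_PATH_RE.search(value):
            bucket = "credential_prompt"
        buckets[bucket].add(value)
    return {k: sorted(v) for k, v in buckets.items()}


if __name__ == "__main__":
    for bucket, values in triage(SAMPLE_ROWS).items():
        print(f"{bucket}: {values}")
```

Run against the full section, everything Firefox does on its own collapses into `firefox_infra`, `pki_endpoint`, `probe` and `top_sites`; what is left in `review` (here only the OpenSearch namespace URL on a9.com) and `credential_prompt` is what to read by hand. Strings with heap residue on the end (`www.facebook.comZ`, `http://mozilla.org/~D`) are deliberately not repaired and land in `review` as well.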
    Source: firefox.exe, 0000000E.00000003.1444272711.00000194FDE53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1442659552.00000194FE4F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://127.0.0.1:
    Source: firefox.exe, 0000000E.00000003.1442238136.0000019506999000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a9.com/-/spec/opensearch/1.0/
    Source: firefox.exe, 0000000E.00000003.1442238136.0000019506999000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a9.com/-/spec/opensearch/1.1/
    Source: firefox.exe, 0000000E.00000003.1442238136.0000019506999000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.0/
    Source: firefox.exe, 0000000E.00000003.1442238136.0000019506999000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://a9.com/-/spec/opensearchdescription/1.1/
    Source: firefox.exe, 0000000E.00000003.1467346427.00000194FA476000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
    Source: firefox.exe, 0000000E.00000003.1467346427.00000194FA495000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1469628546.00000194FA4A3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1465616842.00000194FA495000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1467346427.00000194FA476000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
    Source: firefox.exe, 0000000E.00000003.1472636729.00000194FA48D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1470313796.00000194FA489000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1469628546.00000194FA4A3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1465616842.00000194FA476000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1467346427.00000194FA476000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
    Source: firefox.exe, 0000000E.00000003.1467346427.00000194FA495000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1469628546.00000194FA4A3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1467346427.00000194FA476000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
    Source: firefox.exe, 0000000E.00000003.1467346427.00000194FA495000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1469628546.00000194FA4A3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1465616842.00000194FA476000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1467346427.00000194FA476000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
    Source: firefox.exe, 0000000E.00000003.1603511648.00000194FB384000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1577785080.0000019504E4A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://compose.mail.yahoo.co.jp/ym/Compose?To=%ss
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://crl.thawte.com/ThawteTimestampingCA.crl0
    Source: firefox.exe, 0000000E.00000003.1467346427.00000194FA495000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1469628546.00000194FA4A3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1465616842.00000194FA495000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1467346427.00000194FA476000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
    Source: firefox.exe, 0000000E.00000003.1467346427.00000194FA476000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
    Source: firefox.exe, 0000000E.00000003.1467346427.00000194FA495000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1469628546.00000194FA4A3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1467346427.00000194FA476000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
    Source: firefox.exe, 0000000E.00000003.1467346427.00000194FA495000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1469628546.00000194FA4A3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1465616842.00000194FA476000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1467346427.00000194FA476000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
    Source: firefox.exe, 0000000E.00000003.1472636729.00000194FA48D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1470313796.00000194FA489000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1469628546.00000194FA4A3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1465616842.00000194FA476000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1467346427.00000194FA476000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
    Source: firefox.exe, 0000000E.00000003.1467346427.00000194FA476000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
    Source: firefox.exe, 0000000E.00000003.1472636729.00000194FA48D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1470313796.00000194FA489000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1469628546.00000194FA4A3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1465616842.00000194FA476000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1467346427.00000194FA476000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0L
    Source: firefox.exe, 0000000E.00000003.1594818683.00000194FE6D8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1602211299.00000194FD65A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1557965995.0000019509BAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1573277670.0000019509BAA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1605349525.0000019509BBB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1557881661.0000019509BF8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1593896558.00000194FEA97000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com
    Source: firefox.exe, 0000000E.00000003.1561754929.0000019504EA1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/
    Source: firefox.exe, 0000000E.00000003.1429767280.00000194FF6D6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1588894446.00000194FEAA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/canonical.html
    Source: firefox.exe, 0000000E.00000003.1593985364.00000194FEA38000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1588894446.00000194FEAA8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv4
    Source: firefox.exe, 0000000E.00000003.1582764338.000001950672C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: http://detectportal.firefox.com/success.txt?ipv6
    Source: firefox.exe, 0000000E.00000003.1577785080.0000019504E31000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.addEventListener
    Source: firefox.exe, 0000000E.00000003.1577785080.0000019504E31000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://developer.mozilla.org/en/docs/DOM:element.removeEventListener
    Source: firefox.exe, 0000000E.00000003.1527126152.00000194FDFFC000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org
    Source: firefox.exe, 0000000E.00000003.1572132416.000002B05DB03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org/
    Source: firefox.exe, 0000000E.00000003.1455487701.00000194FDCD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1514464368.00000194FDC81000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1452688425.00000194FDCFC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1466337398.00000194FDDBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1587444264.00000194FF025000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1453741725.00000194FDC92000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1521304094.00000194FDCF6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1586383650.00000194FF0B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1584065842.00000195092CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1521304094.00000194FDCE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1521304094.00000194FDCFC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1608216999.00000195092CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1583147366.00000194FF412000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1532572196.00000194FF5EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1558728624.00000195092CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1561560508.0000019504ECA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1514464368.00000194FDCD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1456783935.00000194FDCE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1521967172.00000194FF5E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1602491630.00000194FD0A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1509604232.00000194FDDC3000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org/MPL/2.0/.
    Source: firefox.exe, 0000000E.00000003.1572401635.00000F827EA03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org/Z
    Source: firefox.exe, 0000000E.00000003.1572401635.00000F827EA03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org/~
    Source: firefox.exe, 0000000E.00000003.1572132416.000002B05DB03000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://mozilla.org/~D
    Source: firefox.exe, 0000000E.00000003.1467346427.00000194FA495000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1469628546.00000194FA4A3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1465616842.00000194FA476000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1467346427.00000194FA476000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0A
    Source: firefox.exe, 0000000E.00000003.1467346427.00000194FA495000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1469628546.00000194FA4A3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1465616842.00000194FA495000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1467346427.00000194FA476000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ocsp.digicert.com0C
    Source: firefox.exe, 0000000E.00000003.1472636729.00000194FA48D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1470313796.00000194FA489000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1469628546.00000194FA4A3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1465616842.00000194FA476000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1467346427.00000194FA476000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ocsp.digicert.com0N
    Source: firefox.exe, 0000000E.00000003.1467346427.00000194FA495000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1469628546.00000194FA4A3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1467346427.00000194FA476000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://ocsp.digicert.com0X
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ocsp.thawte.com0
    Source: firefox.exe, 0000000E.00000003.1603511648.00000194FB384000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1577785080.0000019504E4A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
    Source: firefox.exe, 0000000E.00000003.1561560508.0000019504EBA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r3.i.lencr.org/0.
    Source: firefox.exe, 0000000E.00000003.1561560508.0000019504EBA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r3.i.lencr.org/0W
    Source: firefox.exe, 0000000E.00000003.1561560508.0000019504EBA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://r3.o.lencr.org0
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ts-aia.ws.symantec.com/tss-ca-g2.cer0
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ts-crl.ws.symantec.com/tss-ca-g2.crl0(
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://ts-ocsp.ws.symantec.com07
    Source: firefox.exe, 0000000E.00000003.1603511648.00000194FB384000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1577785080.0000019504E4A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
    Source: firefox.exe, 0000000E.00000003.1472636729.00000194FA48D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1470313796.00000194FA489000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1469628546.00000194FA4A3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1465616842.00000194FA476000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1467346427.00000194FA476000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.digicert.com/CPS0
    Source: firefox.exe, 0000000E.00000003.1603511648.00000194FB384000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1577785080.0000019504E4A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
    Source: gmpopenh264.dll.tmp.14.dr | String found in binary or memory: http://www.mozilla.com0
    Source: firefox.exe, 0000000E.00000003.1441938291.00000195073A1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/2005/app-updatex
    Source: firefox.exe, 0000000E.00000003.1442238136.0000019506999000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/2006/browser/search/
    Source: firefox.exe, 0000000E.00000003.1587444264.00000194FF025000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1586902637.00000194FF068000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1593693241.00000194FEAC4000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1603175692.00000194FD04D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1588276996.00000194FEAC0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1603309749.00000194FD024000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1430222234.00000194FF2DF000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1579153835.0000019500290000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1593432392.00000194FF079000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
    Source: mozilla-temp-41.14.dr | String found in binary or memory: http://www.videolan.org/x264.html
    Source: firefox.exe, 0000000E.00000003.1561560508.0000019504EBA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.c.lencr.org/0
    Source: firefox.exe, 0000000E.00000003.1561560508.0000019504EBA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://x1.i.lencr.org/0
    Source: firefox.exe, 0000000E.00000003.1443152752.00000194FE040000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://youtube.com/
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.malware-error.mozilla.com/?url=
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.phish-error.mozilla.com/?url=
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://%LOCALE%.phish-report.mozilla.com/?url=
    Source: firefox.exe, 0000000E.00000003.1596991555.00000194FE091000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://MD8.mozilla.org/1/m
    Source: firefox.exe, 0000000E.00000003.1444163746.00000194FE03C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://ac.duckduckgo.com/ac/
    Source: firefox.exe, 0000000E.00000003.1593487215.00000194FEF8A000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://account.bellmedia.c
    Source: firefox.exe, 0000000E.00000003.1605641547.0000019508AC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1586225003.0000019508AB0000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com
    Source: firefox.exe, 0000000E.00000003.1561947174.0000019504CD1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1559891384.0000019508D3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com/
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.com/settings/clients
    Source: firefox.exe, 0000000E.00000003.1602290344.00000194FD5E5000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.firefox.comK
    Source: firefox.exe, 0000000E.00000003.1560826626.0000019507313000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1545883423.00000194FDD91000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1537755811.00000194FE272000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1545418811.00000194FDD8F000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1467389686.00000194FDD91000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 0000000E.00000003.1603511648.00000194FB3DA000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/language-tools/
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search-engines/
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/search?q=%TERMS%&platform=%OS%&appver=%VERSION%
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | String found in binary or memory: https://addons.mozilla.org/%LOCALE%/firefox/themes
    Source: firefox.exe, 0000000E.00000003.1431115714.00000194FDEAC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1601270232.00000194FDB88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1444272711.00000194FDEA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1600299952.00000194FE631000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1595903476.00000194FE631000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1599102139.00000194FDEAC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1431491687.00000194FDB88000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ads.stickyadstv.com/firefox-etp
    Source: firefox.exe, 0000000E.00000003.1601270232.00000194FDB4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://allegro.pl/
    Source: firefox.exe, 0000000E.00000003.1557135646.00001C9A76703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amazon.com
    Source: firefox.exe, 0000000E.00000003.1444218128.00000194FE030000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amazon.com/
    Source: firefox.exe, 0000000E.00000003.1557135646.00001C9A76703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://amazon.comZ
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://api.accounts.firefox.com/v1
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/app/firefox-private-safe-browser/id989804926
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://apps.apple.com/us/app/firefox-private-network-vpn/id1489407738
    Source: firefox.exe, 0000000E.00000003.1561204286.0000019504FE8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/GMP/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL%/%OS_VER
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/3/SystemAddons/%VERSION%/%BUILD_ID%/%BUILD_TARGET%/%LOCALE%/%CHANNEL
    Source: firefox.exe, 0000000E.00000003.1602161538.00000194FD699000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1590888059.0000019506782000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1582764338.0000019506782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://aus5.mozilla.org/update/6/Firefox/118.0.1/20230927232528/WINNT_x86_64-msvc-x64/en-US/release
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://blocked.cdn.mozilla.net/%blockID%.html
    Source: firefox.exe, 00000010.00000002.3201995506.0000027B845BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3200715003.0000020590EF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3204239263.000002A9EEC03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&ci=1696500454657.12791&key=1696500454400500
    Source: firefox.exe, 00000010.00000002.3201995506.0000027B845BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3200715003.0000020590EF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3204239263.000002A9EEC03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&ci=1696500454657.12791&key=1696500454400500000.1&cta
    Source: firefox.exe, 0000000E.00000003.1606415407.000001950673F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mo
    Source: firefox.exe, 0000000E.00000003.1455648791.00000194FDC69000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1456724597.0000019505594000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1189266
    Source: firefox.exe, 0000000E.00000003.1455648791.00000194FDC69000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1456724597.0000019505594000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1193802
    Source: firefox.exe, 0000000E.00000003.1456724597.0000019505594000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1455648791.00000194FDC4F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1207993
    Source: firefox.exe, 0000000E.00000003.1456724597.0000019505594000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1455648791.00000194FDC4F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1266220
    Source: firefox.exe, 0000000E.00000003.1456724597.0000019505594000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1455648791.00000194FDC4F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1283601
    Source: firefox.exe, 0000000E.00000003.1561099325.00000195069EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1442238136.00000195069F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1539075
    Source: firefox.exe, 0000000E.00000003.1561099325.00000195069EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1442238136.00000195069F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1584464
    Source: firefox.exe, 0000000E.00000003.1561099325.00000195069EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1442238136.00000195069F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1607439
    Source: firefox.exe, 0000000E.00000003.1561099325.00000195069EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1442238136.00000195069F3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1616739
    Source: firefox.exe, 0000000E.00000003.1455648791.00000194FDC69000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1456724597.0000019505594000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1455648791.00000194FDC4F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1678448
    Source: firefox.exe, 0000000E.00000003.1583147366.00000194FF412000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=1694699#c21
    Source: firefox.exe, 0000000E.00000003.1456724597.0000019505594000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1455648791.00000194FDC4F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=792480
    Source: firefox.exe, 0000000E.00000003.1456724597.0000019505594000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1455648791.00000194FDC4F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=809550
    Source: firefox.exe, 0000000E.00000003.1456724597.0000019505594000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1455648791.00000194FDC4F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=840161
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-f
    Source: firefox.exe, 0000000E.00000003.1442238136.00000195069C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1398195654.00000194FCB4D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1397518769.00000194FC900000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1398061028.00000194FCB34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1397890402.00000194FCB1B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1398329381.00000194FCB67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://completion.amazon.com/search/complete?q=
    Source: firefox.exe, 0000000E.00000003.1596432795.00000194FE422000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1600595032.00000194FE422000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net
    Source: firefox.exe, 0000000E.00000003.1603511648.00000194FB3B5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/
    Source: firefox.exe, 0000000E.00000003.1596432795.00000194FE486000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://content-signature-2.cdn.mozilla.net/chains/remote-settings.content-signature.mozilla.org-202
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://content.cdn.mozilla.net
    Source: firefox.exe, 00000010.00000002.3201995506.0000027B845BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3200715003.0000020590EF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3204239263.000002A9EEC03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpg
    Source: firefox.exe, 00000010.00000002.3201995506.0000027B845BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3200715003.0000020590EF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3204239263.000002A9EEC03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
    Source: firefox.exe, 0000000E.00000003.1607029385.0000019504E7D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.1444272711.00000194FDE96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1428184529.0000019504FCD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://contile.services.mozilla.com/v1/tiles
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://coverage.mozilla.org
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://crash-stats.mozilla.org/report/index/
    Source: firefox.exe, 0000000E.00000003.1522859883.0000019504D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1425801036.0000019504D5A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crbug.com/993268
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://dap-02.api.divviup.org
    Source: firefox.exe, 0000000E.00000003.1610656136.0000019508D3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1559891384.0000019508D3B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://datastudio.google.com/embed/reporting/
    Source: firefox.exe, 0000000E.00000003.1577785080.0000019504E3D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullSc
    Source: firefox.exe, 0000000E.00000003.1577785080.0000019504E3D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapture
    Source: firefox.exe, 0000000E.00000003.1577785080.0000019504E3D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Element/setPointerCaptureElementReleaseCaptureWarningElem
    Source: firefox.exe, 0000000E.00000003.1577785080.0000019504E46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/API/Push_API/Using_the_Push_API#EncryptionPreventDefaultFromP
    Source: firefox.exe, 0000000E.00000003.1586383650.00000194FF0AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored
    Source: firefox.exe, 0000000E.00000003.1512985504.00000194FE9B9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Mozilla/Tech/XPCOM/Reference/Interface/nsIEffectiveTLDServi
    Source: firefox.exe, 0000000E.00000003.1522859883.0000019504D55000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/API/ElementCSSInlineStyle/style#setting_styles)
    Source: firefox.exe, 0000000E.00000003.1522859883.0000019504D55000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Statements/for-await...of
    Source: firefox.exe, 0000000E.00000003.1522859883.0000019504D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1425801036.0000019504D5A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://developers.google.com/safe-browsing/v4/advisory
    Source: firefox.exe, 0000000E.00000003.1444163746.00000194FE03C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1594433171.00000194FEA13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/
    Source: firefox.exe, 0000000E.00000003.1557819930.0000030082303000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?Z
    Source: firefox.exe, 0000000E.00000003.1444163746.00000194FE03C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/?t=ffab&q=
    Source: firefox.exe, 0000000E.00000003.1603511648.00000194FB384000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1543519417.00000194FC739000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1400129764.00000194FC733000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%s
    Source: firefox.exe, 0000000E.00000003.1603511648.00000194FB384000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1577785080.0000019504E4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%sz
    Source: firefox.exe, 0000000E.00000003.1603511648.00000194FB384000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1577785080.0000019504E4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://e.mail.ru/cgi-bin/sentmsg?mailto=%szw
    Source: firefox.exe, 0000000E.00000003.1603511648.00000194FB384000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1543519417.00000194FC739000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1400129764.00000194FC733000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://email.seznam.cz/newMessageScreen?mailto=%s
    Source: firefox.exe, 0000000E.00000003.1577785080.0000019504E3D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://extensionworkshop.com/documentation/publish/self-distribution/
    Source: firefox.exe, 00000013.00000002.3201843113.000002A9EEB13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-api-proxy.cdn.mozilla.net/
    Source: firefox.exe, 0000000E.00000003.1439767539.00000194FE292000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1440707478.00000194FE2AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/673d2808-e5d8-41b9-957
    Source: firefox.exe, 0000000E.00000003.1440264929.00000194FE2A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1439767539.00000194FE292000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1441034410.00000194FE2C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1440707478.00000194FE2AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/706c7a85-cf23-442e-8a9
    Source: firefox.exe, 0000000E.00000003.1440707478.00000194FE2AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://firefox-source-docs.mozilla.org/networking/dns/trr-skip-reasons.html#
    Source: firefox.exe, 0000000E.00000003.1552497685.0000019509D70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com
    Source: firefox.exe, 0000000E.00000003.1610781584.0000019508A42000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/
    Source: firefox.exe, 0000000E.00000003.1552497685.0000019509D70000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1608846283.00000195091E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576796462.00000195091E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1553074300.00000195091E9000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://fpn.firefox.com/browser?utm_source=firefox-desktop&utm_medium=referral&utm_campaign=about-pr
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://ftp.mozilla.org/pub/labs/devtools/adb-extension/#OS#/adb-extension-latest-#OS#.xpi
    Source: firefox.exe, 00000013.00000002.3201843113.000002A9EEB13000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/
    Source: firefox.exe, 0000000E.00000003.1496370532.00000194FDD8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1579686170.0000019500228000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3200715003.0000020590EC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3201843113.000002A9EEBC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=
    Source: firefox.exe, 0000000E.00000003.1579686170.0000019500228000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3200715003.0000020590EC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3201843113.000002A9EEBC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l
    Source: firefox.exe, 00000013.00000002.3201843113.000002A9EEB30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.cdn.mozilla.net/v3/newtab/layout?version=1&consumer_key=$apiKey&layout_variant=bas
    Source: firefox.exe, 0000000E.00000003.1496370532.00000194FDD8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1584585922.0000019509055000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/career?utm_source=pocket-newtab
    Source: firefox.exe, 0000000E.00000003.1496370532.00000194FDD8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1584585922.0000019509055000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/entertainment?utm_source=pocket-newtab
    Source: firefox.exe, 0000000E.00000003.1496370532.00000194FDD8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/food?utm_source=pocket-newtab
    Source: firefox.exe, 0000000E.00000003.1496370532.00000194FDD8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1584585922.0000019509055000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/health?utm_source=pocket-newtab
    Source: firefox.exe, 0000000E.00000003.1496370532.00000194FDD8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1584585922.0000019509055000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/science?utm_source=pocket-newtab
    Source: firefox.exe, 0000000E.00000003.1496370532.00000194FDD8D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/self-improvement?utm_source=pocket-newtab
    Source: firefox.exe, 0000000E.00000003.1496370532.00000194FDD8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1584585922.0000019509055000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/technology?utm_source=pocket-newtab
    Source: firefox.exe, 0000000E.00000003.1579686170.0000019500228000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3200715003.0000020590EC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3201843113.000002A9EEBC8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://getpocket.com/explore/trending?src=fx_new_tab
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-report
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cryptominers-report
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-report
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/firefox-relay-integration
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-report
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/search-engine-removal
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shield
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report
    Source: firefox.exe, 0000000E.00000003.1440707478.00000194FE2AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-def
    Source: firefox.exe, 0000000E.00000003.1440707478.00000194FE2AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=spotlight
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/tracking-content-report
    Source: firefox.exe, 0000000E.00000003.1586335631.00000194FF3F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1437077501.00000194FD654000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1581163422.00000194FF3F7000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/
    Source: firefox.exe, 0000000E.00000003.1588648955.00000194FEAB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/1/firefox/118.0.1/WINNT/en-US/firefox-relay-integration
    Source: firefox.exe, 0000000E.00000003.1572585750.0000019509D94000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1596432795.00000194FE486000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1559115388.000001950924D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576485632.000001950924D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/captive-portal
    Source: firefox.exe, 0000000E.00000003.1560622173.0000019508AF5000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.14.drString found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
    Source: firefox.exe, 0000000E.00000003.1577785080.0000019504E31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaPlatformDecoderNotFound
    Source: firefox.exe, 0000000E.00000003.1577785080.0000019504E31000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/fix-video-audio-problems-firefox-windowsMediaWMFNeeded
    Source: firefox.exe, 0000000E.00000003.1607736018.0000019504BAC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1591259693.0000019504BAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2
    Source: places.sqlite-wal.14.drString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.
    Source: firefox.exe, 0000000E.00000003.1560622173.0000019508AF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.Qb0WswhkLhoa
    Source: firefox.exe, 0000000E.00000003.1522859883.0000019504D55000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tc39.github.io/ecma262/#sec-typeof-operator
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://token.services.mozilla.com/1.0/sync/1.5
    Source: firefox.exe, 0000000E.00000003.1577785080.0000019504E43000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1577785080.0000019504E46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-2
    Source: firefox.exe, 0000000E.00000003.1577785080.0000019504E4A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1577785080.0000019504E46000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-3.1
    Source: firefox.exe, 0000000E.00000003.1577785080.0000019504E4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/draft-ietf-httpbis-encryption-encoding-02#section-4
    Source: firefox.exe, 0000000E.00000003.1577785080.0000019504E4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7515#appendix-C)
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://topsites.services.mozilla.com/cid/
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://tracking-protection-issues.herokuapp.com/new
    Source: firefox.exe, 0000000E.00000003.1603511648.00000194FB3DA000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com
    Source: firefox.exe, 0000000E.00000003.1443152752.00000194FE040000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/
    Source: firefox.exe, 0000000E.00000003.1557135646.00001C9A76703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://twitter.com/Z
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-%CHANNEL%-browser&utm_campaig
    Source: firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://vpn.mozilla.org/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_campaign=about-pr
    Source: firefox.exe, 0000000E.00000003.1594308776.00000194FEA30000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://watch.sling.com/
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webcompat.com/issues/new
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://webextensions.settings.services.mozilla.com/v1
    Source: firefox.exe, 0000000E.00000003.1601270232.00000194FDB4A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1602211299.00000194FD65A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://weibo.com/
    Source: firefox.exe, 0000000E.00000003.1522859883.0000019504D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1425801036.0000019504D5A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://wicg.github.io/construct-stylesheets/#using-constructed-stylesheets).
    Source: firefox.exe, 0000000E.00000003.1601270232.00000194FDB4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.aliexpress.com/
    Source: firefox.exe, 0000000E.00000003.1601270232.00000194FDB4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.ca/
    Source: firefox.exe, 0000000E.00000003.1601270232.00000194FDB4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.co.uk/
    Source: firefox.exe, 0000000E.00000003.1443152752.00000194FE040000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/
    Source: firefox.exe, 00000010.00000002.3201995506.0000027B845BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3200715003.0000020590EF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3204239263.000002A9EEC03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_f6f292994d7c60be109e4c185cbc03032d36d17160d4e639
    Source: firefox.exe, 0000000E.00000003.1557135646.00001C9A76703000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/Z
    Source: firefox.exe, 0000000E.00000003.1443152752.00000194FE04A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1523757374.00000194FF492000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1398329381.00000194FCB67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.com/exec/obidos/external-search/
    Source: firefox.exe, 0000000E.00000003.1601270232.00000194FDB4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.de/
    Source: firefox.exe, 0000000E.00000003.1601270232.00000194FDB4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.fr/
    Source: firefox.exe, 0000000E.00000003.1601270232.00000194FDB4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.avito.ru/
    Source: firefox.exe, 0000000E.00000003.1602211299.00000194FD65A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/
    Source: firefox.exe, 0000000E.00000003.1601270232.00000194FDB4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.bbc.co.uk/
    Source: firefox.exe, 0000000E.00000003.1602211299.00000194FD65A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ctrip.com/
    Source: firefox.exe, 0000000E.00000003.1469628546.00000194FA4A3000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1467346427.00000194FA476000.00000004.00000020.00020000.00000000.sdmp, gmpopenh264.dll.tmp.14.drString found in binary or memory: https://www.digicert.com/CPS0
    Source: firefox.exe, 0000000E.00000003.1602211299.00000194FD65A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.co.uk/
    Source: firefox.exe, 0000000E.00000003.1601270232.00000194FDB4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.de/
    Source: firefox.exe, 0000000E.00000003.1602211299.00000194FD65A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/
    Source: firefox.exe, 0000000E.00000003.1561330788.0000019504EEC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/
    Source: firefox.exe, 0000000E.00000003.1425730146.0000019504D55000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search
    Source: firefox.exe, 0000000E.00000003.1398449797.00000194FCB7C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1398195654.00000194FCB4D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1397518769.00000194FC900000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1398061028.00000194FCB34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1397890402.00000194FCB1B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1398329381.00000194FCB67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/complete/search?client=firefox&q=
    Source: firefox.exe, 0000000E.00000003.1444272711.00000194FDEA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1523757374.00000194FF492000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1398329381.00000194FCB67000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search
    Source: firefox.exe, 0000000E.00000003.1444163746.00000194FE03C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/search?client=firefox-b-d&q=
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.googleapis.com/geolocation/v1/geolocate?key=%GOOGLE_LOCATION_SERVICE_API_KEY%
    Source: firefox.exe, 0000000E.00000003.1453322364.00000194FF5EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hulu.com/watch/
    Source: firefox.exe, 0000000E.00000003.1601270232.00000194FDB4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ifeng.com/
    Source: firefox.exe, 0000000E.00000003.1453322364.00000194FF5EB000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.instagram.com/
    Source: firefox.exe, 00000010.00000002.3201995506.0000027B845BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3200715003.0000020590EF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3204239263.000002A9EEC03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drString found in binary or memory: https://www.invisalign.com/?utm_source=admarketplace&utm_medium=paidsearch&utm_campaign=Invisalign&u
    Source: firefox.exe, 0000000E.00000003.1601270232.00000194FDB4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.iqiyi.com/
    Source: firefox.exe, 0000000E.00000003.1601270232.00000194FDB4A000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.leboncoin.fr/
    Source: firefox.exe, 0000000E.00000003.1593985364.00000194FEA57000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mobilesuica.com/
    Source: firefox.exe, 0000000E.00000003.1443152752.00000194FE0DD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1443152752.00000194FE0DB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1596991555.00000194FE0DF000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.14.drString found in binary or memory: https://www.mozilla.org
    Source: firefox.exe, 0000000E.00000003.1443152752.00000194FE076000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/about/legal/terms/subscription-services/
    Source: firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/releasenotes/?utm_source=firefox-browser&utm_medi
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/%VERSION%/tour/
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/geolocation/
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/new?reason=manual-update
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/notes
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/set-as-default/thanks/
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/firefox/xr/
    Source: firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/%LOCALE%/privacy/subscription-services/
    Source: places.sqlite-wal.14.drString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.
    Source: firefox.exe, 0000000E.00000003.1560622173.0000019508AF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.8Z86fTxZfkM6
    Source: firefox.exe, 0000000E.00000003.1440264929.00000194FE2A6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1439767539.00000194FE292000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1441034410.00000194FE2C0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1440707478.00000194FE2AD000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/about/legal/terms/mozilla/
    Source: firefox.exe, 0000000E.00000003.1590888059.0000019506782000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1582764338.0000019506782000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/anything/?
    Source: places.sqlite-wal.14.drString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.
    Source: firefox.exe, 0000000E.00000003.1560622173.0000019508AF5000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.UnUp0v0CLe9Y
    Source: firefox.exe, 0000000E.00000003.1588648955.00000194FEAB6000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/about/legal/terms/subscription-services/
    Source: firefox.exe, 0000000E.00000003.1586335631.00000194FF3F7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1557541861.00003D5AD1903000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1581163422.00000194FF3F7000.00000004.00000800.00020000.00000000.sdmp, targeting.snapshot.json.tmp.14.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
    Source: firefox.exe, 0000000E.00000003.1443152752.00000194FE0E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1596991555.00000194FE0E6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1560622173.0000019508AF5000.00000004.00000800.00020000.00000000.sdmp, places.sqlite-wal.14.drString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
    Source: firefox.exe, 0000000E.00000003.1557541861.00003D5AD1903000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Z
    Source: recovery.jsonlz4.tmp.14.dr | String found in binary or memory: https://youtube.com/account?=
    Source: firefox.exe, 00000010.00000002.3200795723.0000027B841C0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/sig
    Source: firefox.exe, 00000012.00000002.3202987109.0000020590F30000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/sigF
    Source: gTU8ed4669.exe, 00000000.00000003.1425720711.0000000000BDC000.00000004.00000020.00020000.00000000.sdmp, gTU8ed4669.exe, 00000000.00000002.1431100575.0000000000D5D000.00000004.00000020.00020000.00000000.sdmp, gTU8ed4669.exe, 00000000.00000002.1430541254.0000000000BE4000.00000004.00000020.00020000.00000000.sdmp, gTU8ed4669.exe, 00000000.00000003.1421428415.0000000000D5D000.00000004.00000020.00020000.00000000.sdmp, gTU8ed4669.exe, 00000000.00000003.1411866174.0000000000AF7000.00000004.00000020.00020000.00000000.sdmp, gTU8ed4669.exe, 00000000.00000003.1422221541.0000000000D5D000.00000004.00000020.00020000.00000000.sdmp, gTU8ed4669.exe, 00000000.00000003.1426179797.0000000000BDC000.00000004.00000020.00020000.00000000.sdmp, gTU8ed4669.exe, 00000000.00000003.1416020619.0000000000D54000.00000004.00000020.00020000.00000000.sdmp, gTU8ed4669.exe, 00000000.00000003.1418287019.0000000000D5D000.00000004.00000020.00020000.00000000.sdmp, gTU8ed4669.exe, 00000000.00000003.1427698108.0000000000BE4000.00000004.00000020.00020000.00000000.sdmp, gTU8ed4669.exe, 00000000.00000003.1426933980.0000000000BDD000.00000004.00000020.00020000.00000000.sdmp, gTU8ed4669.exe, 00000000.00000002.1431333240.0000000000DE6000.00000004.00000020.00020000.00000000.sdmp, gTU8ed4669.exe, 00000000.00000003.1420547368.0000000000D5D000.00000004.00000020.00020000.00000000.sdmp, gTU8ed4669.exe, 00000000.00000003.1426671845.0000000000DE1000.00000004.00000020.00020000.00000000.sdmp, gTU8ed4669.exe, 00000000.00000003.1416385485.0000000000D5D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000003.1385593819.0000013F897A2000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.1386147154.0000013F87C3C000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000003.1385351809.0000013F87C2D000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000003.1385552938.0000013F87C39000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000003.1385665279.0000013F87C3B000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000C.00000002.1386475854.0000013F897A3000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd
    Source: firefox.exe, 0000000C.00000002.1386060531.0000013F87C1A000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 0000000D.00000002.1392405747.00000280E35A9000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd--no-default-browser
    Source: firefox.exe, 00000010.00000002.3201413915.0000027B84200000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3200795723.0000027B841C4000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3202987109.0000020590F34000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3200154099.0000020590BC0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3200308478.000002A9EE6E0000.00000004.00000020.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3200897711.000002A9EE774000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdMOZ_CRASHREPORTER_RE
    Source: firefox.exe, 00000010.00000002.3201413915.0000027B8420A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdN
    Source: firefox.exe, 00000010.00000002.3201413915.0000027B84200000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwdZ
    Source: firefox.exe, 00000013.00000002.3200897711.000002A9EE770000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: https://youtube.com/account?=https://accounts.google.com/v3/sigoP
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_008EEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard | 0_2_008EEAFF
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_008EED6A OpenClipboard,EmptyClipboard,GlobalAlloc,GlobalLock,GlobalUnlock,OpenClipboard,EmptyClipboard,SetClipboardData,CloseClipboard | 0_2_008EED6A
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_008EEAFF OpenClipboard,IsClipboardFormatAvailable,IsClipboardFormatAvailable,GetClipboardData,CloseClipboard,GlobalLock,CloseClipboard,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,GlobalUnlock,IsClipboardFormatAvailable,GetClipboardData,GlobalLock,DragQueryFileW,DragQueryFileW,DragQueryFileW,GlobalUnlock,CountClipboardFormats,CloseClipboard | 0_2_008EEAFF
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_008DAA57 GetKeyboardState,SetKeyboardState,PostMessageW,SendInput | 0_2_008DAA57
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_00909576 DefDlgProcW,SendMessageW,GetWindowLongW,SendMessageW,SendMessageW,GetKeyState,GetKeyState,GetKeyState,SendMessageW,GetKeyState,SendMessageW,SendMessageW,SendMessageW,ImageList_SetDragCursorImage,ImageList_BeginDrag,SetCapture,ClientToScreen,ImageList_DragEnter,InvalidateRect,ReleaseCapture,GetCursorPos,ScreenToClient,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetCursorPos,ScreenToClient,GetParent,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,SendMessageW,SendMessageW,ClientToScreen,TrackPopupMenuEx,GetWindowLongW | 0_2_00909576

    System Summary

    Source: gTU8ed4669.exe | String found in binary or memory: This is a third-party compiled AutoIt script.
    Source: gTU8ed4669.exe, 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: This is a third-party compiled AutoIt script.memstr_08b103f8-6
    Source: gTU8ed4669.exe, 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp | String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_cfa7ed03-b
    Source: gTU8ed4669.exe | String found in binary or memory: This is a third-party compiled AutoIt script.memstr_79b35b32-4
    Source: gTU8ed4669.exe | String found in binary or memory: AnyArabicArmenianAvestanBalineseBamumBassa_VahBatakBengaliBopomofoBrahmiBrailleBugineseBuhidCCanadian_AboriginalCarianCaucasian_AlbanianCcCfChakmaChamCherokeeCnCoCommonCopticCsCuneiformCypriotCyrillicDeseretDevanagariDuployanEgyptian_HieroglyphsElbasanEthiopicGeorgianGlagoliticGothicGranthaGreekGujaratiGurmukhiHanHangulHanunooHebrewHiraganaImperial_AramaicInheritedInscriptional_PahlaviInscriptional_ParthianJavaneseKaithiKannadaKatakanaKayah_LiKharoshthiKhmerKhojkiKhudawadiLL&LaoLatinLepchaLimbuLinear_ALinear_BLisuLlLmLoLtLuLycianLydianMMahajaniMalayalamMandaicManichaeanMcMeMeetei_MayekMende_KikakuiMeroitic_CursiveMeroitic_HieroglyphsMiaoMnModiMongolianMroMyanmarNNabataeanNdNew_Tai_LueNkoNlNoOghamOl_ChikiOld_ItalicOld_North_ArabianOld_PermicOld_PersianOld_South_ArabianOld_TurkicOriyaOsmanyaPPahawh_HmongPalmyrenePau_Cin_HauPcPdPePfPhags_PaPhoenicianPiPoPsPsalter_PahlaviRejangRunicSSamaritanSaurashtraScSharadaShavianSiddhamSinhalaSkSmSoSora_SompengSundaneseSyloti_NagriSyriacTagalogTagbanwaTai_LeTai_ThamTai_VietTakriTamilTeluguThaanaThaiTibetanTifinaghTirhutaUgariticVaiWarang_CitiXanXpsXspXucXwdYiZZlZpZsSDSOFTWARE\Classes\\CLSID\\\IPC$This is a third-party compiled AutoIt script."runasError allocating memory.SeAssignPrimaryTokenPrivilegeSeIncreaseQuotaPrivilegeSeBackupPrivilegeSeRestorePrivilegewinsta0defaultwinsta0\defaultComboBoxListBoxSHELLDLL_DefViewlargeiconsdetailssmalliconslistCLASSCLASSNNREGEXPCLASSIDNAMEXYWHINSTANCETEXT%s%u%s%dLAST[LASTACTIVE[ACTIVEHANDLE=[HANDLE:REGEXP=[REGEXPTITLE:CLASSNAME=[CLASS:ALL[ALL]HANDLEREGEXPTITLETITLEThumbnailClassAutoIt3GUIContainermemstr_380101c8-f
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 18_2_0000020591892977 NtQuerySystemInformation | 18_2_0000020591892977
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 18_2_00000205918B71F2 NtQuerySystemInformation | 18_2_00000205918B71F2
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_008DD5EB: CreateFileW,DeviceIoControl,CloseHandle | 0_2_008DD5EB
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_008D1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock | 0_2_008D1201
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_008DE8F6 ExitWindowsEx,InitiateSystemShutdownExW,SetSystemPowerState | 0_2_008DE8F6
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_0087CAF0 | 0_2_0087CAF0
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_008E2046 | 0_2_008E2046
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_00878060 | 0_2_00878060
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_008D8298 | 0_2_008D8298
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_008AE4FF | 0_2_008AE4FF
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_008A676B | 0_2_008A676B
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_00904873 | 0_2_00904873
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_0089CAA0 | 0_2_0089CAA0
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_0088CC39 | 0_2_0088CC39
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_008A6DD9 | 0_2_008A6DD9
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_008791C0 | 0_2_008791C0
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_0088B119 | 0_2_0088B119
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_00891394 | 0_2_00891394
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_00891706 | 0_2_00891706
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_0089781B | 0_2_0089781B
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_008919B0 | 0_2_008919B0
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_00877920 | 0_2_00877920
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_0088997D | 0_2_0088997D
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_00897A4A | 0_2_00897A4A
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_00897CA7 | 0_2_00897CA7
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_00891C77 | 0_2_00891C77
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_008A9EEE | 0_2_008A9EEE
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_008FBE44 | 0_2_008FBE44
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_00891F32 | 0_2_00891F32
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 18_2_0000020591892977 | 18_2_0000020591892977
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 18_2_00000205918B71F2 | 18_2_00000205918B71F2
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 18_2_00000205918B7232 | 18_2_00000205918B7232
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Code function: 18_2_00000205918B791C | 18_2_00000205918B791C
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: String function: 00879CB3 appears 31 times
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: String function: 00890A30 appears 46 times
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: String function: 0088F9F2 appears 40 times
    Source: gTU8ed4669.exe | Static PE information: EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
    Source: classification engine | Classification label: mal80.troj.evad.winEXE@34/38@72/12
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_008E37B5 GetLastError,FormatMessageW | 0_2_008E37B5
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_008D10BF AdjustTokenPrivileges,CloseHandle | 0_2_008D10BF
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_008D16C3 LookupPrivilegeValueW,AdjustTokenPrivileges,GetLastError | 0_2_008D16C3
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_008E51CD SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode | 0_2_008E51CD
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_008DD4DC CreateToolhelp32Snapshot,Process32FirstW,Process32NextW,CloseHandle | 0_2_008DD4DC
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_008E648E _wcslen,CoInitialize,CoCreateInstance,CoUninitialize | 0_2_008E648E
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_008742A2 CreateStreamOnHGlobal,FindResourceExW,LoadResource,SizeofResource,LockResource | 0_2_008742A2
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Local\Mozilla\Firefox\SkeletonUILock-c388d246
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7980:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7356:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8076:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:8132:120:WilError_03
    Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6080:120:WilError_03
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Local\Temp\firefox
    Source: gTU8ed4669.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
    Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Windows\SysWOW64\taskkill.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT __PATH, ProcessId, CSName, Caption, SessionId, ThreadCount, WorkingSetSize, KernelModeTime, UserModeTime, ParentProcessId FROM Win32_Process
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File read: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
    Source: firefox.exe, 0000000E.00000003.1605641547.0000019508AC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1586225003.0000019508AB0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT * FROM events WHERE timestamp BETWEEN date(:dateFrom) AND date(:dateTo);
    Source: firefox.exe, 0000000E.00000003.1605641547.0000019508AC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1586225003.0000019508AB0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: CREATE TABLE events (id INTEGER PRIMARY KEY, type INTEGER NOT NULL, count INTEGER NOT NULL, timestamp DATE );
    Source: firefox.exe, 0000000E.00000003.1605641547.0000019508AC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1586225003.0000019508AB0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: INSERT INTO events (type, count, timestamp) VALUES (:type, 1, date(:date));
    Source: firefox.exe, 0000000E.00000003.1442834384.00000194FE3C8000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: UPDATE moz_places SET foreign_count = foreign_count - 1 WHERE id = OLD.place_id;
    Source: firefox.exe, 0000000E.00000003.1605641547.0000019508AC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1586225003.0000019508AB0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;
    Source: firefox.exe, 0000000E.00000003.1605641547.0000019508AC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1586225003.0000019508AB0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT timestamp FROM events ORDER BY timestamp ASC LIMIT 1;;Fy6
    Source: firefox.exe, 0000000E.00000003.1605641547.0000019508AC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1586225003.0000019508AB0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: UPDATE events SET count = count + 1 WHERE id = :id;-
    Source: firefox.exe, 0000000E.00000003.1605641547.0000019508AC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1586225003.0000019508AB0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT sum(count) FROM events;9'
    Source: firefox.exe, 0000000E.00000003.1605641547.0000019508AC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1586225003.0000019508AB0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT sum(count) FROM events;9
    Source: firefox.exe, 0000000E.00000003.1605641547.0000019508AC5000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1586225003.0000019508AB0000.00000004.00000800.00020000.00000000.sdmp | Binary or memory string: SELECT * FROM events WHERE type = :type AND timestamp = date(:date);
    Source: gTU8ed4669.exe | ReversingLabs: Detection: 28%
    Source: unknown | Process created: C:\Users\user\Desktop\gTU8ed4669.exe "C:\Users\user\Desktop\gTU8ed4669.exe"
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Windows\SysWOW64\taskkill.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
    Source: unknown | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2280 -parentBuildID 20230927232528 -prefsHandle 2208 -prefMapHandle 2200 -prefsLen 25393 -prefMapSize 238472 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {adacb488-456f-4bdd-b503-fae0723e806e} 3764 "\\.\pipe\gecko-crash-server-pipe.3764" 194ece70b10 socket
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4380 -parentBuildID 20230927232528 -prefsHandle 4320 -prefMapHandle 4316 -prefsLen 26408 -prefMapSize 238472 -appDir "C:\Program Files\Mozilla Firefox\browser" - {46853b82-603f-431f-9c20-12d6f5692070} 3764 "\\.\pipe\gecko-crash-server-pipe.3764" 194feec8210 rdd
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | Process created: C:\Program Files\Mozilla Firefox\firefox.exe "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5064 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5056 -prefMapHandle 5052 -prefsLen 33559 -prefMapSize 238472 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdfaa482-0641-42af-836a-eca09acadf2a} 3764 "\\.\pipe\gecko-crash-server-pipe.3764" 194fd69f710 utility
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Section loaded: wsock32.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Section loaded: version.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Section loaded: winmm.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Section loaded: mpr.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Section loaded: wininet.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Section loaded: iphlpapi.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Section loaded: userenv.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Section loaded: uxtheme.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Section loaded: kernel.appcore.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Section loaded: windows.storage.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Section loaded: wldp.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Section loaded: napinsp.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Section loaded: pnrpnsp.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Section loaded: wshbth.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Section loaded: nlaapi.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Section loaded: mswsock.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Section loaded: dnsapi.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Section loaded: winrnr.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Section loaded: fwpuclnt.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Section loaded: rasadhlp.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Section loaded: sspicli.dll
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Section loaded: profapi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: version.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: mpr.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: framedynos.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: dbghelp.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: sspicli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: srvcli.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: netutils.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: kernel.appcore.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: wbemcomn.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: winsta.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: amsi.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: userenv.dll
    Source: C:\Windows\SysWOW64\taskkill.exe | Section loaded: profapi.dll
    Source: Window Recorder | Window detected: More than 3 window changes detected
    Source: gTU8ed4669.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IMPORT
    Source: gTU8ed4669.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_RESOURCE
    Source: gTU8ed4669.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_BASERELOC
    Source: gTU8ed4669.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: gTU8ed4669.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG
    Source: gTU8ed4669.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_IAT
    Source: gTU8ed4669.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
    Source: Binary string: webauthn.pdb source: firefox.exe, 0000000E.00000003.1467123374.00000195094C1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdbV source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: pnrpnsp.pdb source: firefox.exe, 0000000E.00000003.1501991292.00000194FA49B000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: ktmw32.pdb source: firefox.exe, 0000000E.00000003.1465616842.00000194FA495000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdb source: firefox.exe, 0000000E.00000003.1500900106.00000194FA4A6000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: z:\task_1551543573\build\openh264\gmpopenh264.pdb source: gmpopenh264.dll.tmp.14.dr
    Source: Binary string: webauthn.pdbGCTL source: firefox.exe, 0000000E.00000003.1467123374.00000195094C1000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: pnrpnsp.pdbUGP source: firefox.exe, 0000000E.00000003.1501991292.00000194FA49B000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: netprofm.pdbUGP source: firefox.exe, 0000000E.00000003.1500900106.00000194FA4A6000.00000004.00000020.00020000.00000000.sdmp
    Source: Binary string: ktmw32.pdbGCTL source: firefox.exe, 0000000E.00000003.1465616842.00000194FA495000.00000004.00000020.00020000.00000000.sdmp
    Source: gTU8ed4669.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IMPORT is in: .rdata
    Source: gTU8ed4669.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_RESOURCE is in: .rsrc
    Source: gTU8ed4669.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_BASERELOC is in: .reloc
    Source: gTU8ed4669.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG is in: .rdata
    Source: gTU8ed4669.exe | Static PE information: Data directory: IMAGE_DIRECTORY_ENTRY_IAT is in: .rdata
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_008742DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008742DE
    Source: gmpopenh264.dll.tmp.14.dr | Static PE information: section name: .rodata
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_00890A76 push ecx; ret 0_2_00890A89
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp
    Source: C:\Program Files\Mozilla Firefox\firefox.exe | File created: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_0088F98E GetForegroundWindow,FindWindowW,IsIconic,ShowWindow,SetForegroundWindow,GetWindowThreadProcessId,GetWindowThreadProcessId,GetCurrentThreadId,GetWindowThreadProcessId,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,SetForegroundWindow,MapVirtualKeyW,MapVirtualKeyW,keybd_event,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,MapVirtualKeyW,keybd_event,SetForegroundWindow,AttachThreadInput,AttachThreadInput,AttachThreadInput,AttachThreadInput,0_2_0088F98E
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Code function: 0_2_00901C41 IsWindowVisible,IsWindowEnabled,GetForegroundWindow,IsIconic,IsZoomed,0_2_00901C41
    Source: C:\Users\user\Desktop\gTU8ed4669.exe | Process information set: NOOPENFILEERRORBOX
    Source: C:\Windows\SysWOW64\taskkill.exe | Process information set: NOOPENFILEERRORBOX

    Malware Analysis System Evasion

    barindex
    Source: C:\Users\user\Desktop\gTU8ed4669.exeSandbox detection routine: GetForegroundWindow, DecisionNode, Sleepgraph_0-96540
    Source: C:\Program Files\Mozilla Firefox\firefox.exeCode function: 18_2_0000020591892977 rdtsc 18_2_0000020591892977
    Source: C:\Users\user\Desktop\gTU8ed4669.exeAPI coverage: 3.8 %
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008DDBBE lstrlenW,GetFileAttributesW,FindFirstFileW,FindClose,0_2_008DDBBE
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008AC2A2 FindFirstFileExW,0_2_008AC2A2
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008E68EE FindFirstFileW,FindClose,0_2_008E68EE
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008E698F FindFirstFileW,FindClose,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToLocalFileTime,FileTimeToSystemTime,FileTimeToSystemTime,FileTimeToSystemTime,0_2_008E698F
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008DD076 FindFirstFileW,DeleteFileW,DeleteFileW,MoveFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_008DD076
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008DD3A9 FindFirstFileW,DeleteFileW,FindNextFileW,FindClose,FindClose,0_2_008DD3A9
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008E9642 SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,GetFileAttributesW,SetFileAttributesW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_008E9642
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008E979D SetCurrentDirectoryW,FindFirstFileW,FindFirstFileW,FindNextFileW,FindClose,FindFirstFileW,SetCurrentDirectoryW,SetCurrentDirectoryW,SetCurrentDirectoryW,FindNextFileW,FindClose,FindClose,0_2_008E979D
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008E9B2B FindFirstFileW,Sleep,FindNextFileW,FindClose,0_2_008E9B2B
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008E5C97 FindFirstFileW,FindNextFileW,FindClose,0_2_008E5C97
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008742DE GetVersionExW,GetCurrentProcess,IsWow64Process,LoadLibraryA,GetProcAddress,GetNativeSystemInfo,FreeLibrary,GetSystemInfo,GetSystemInfo,0_2_008742DE
Source: firefox.exe, 00000010.00000002.3201413915.0000027B8420A000.00000004.00000020.00020000.00000000.sdmp; firefox.exe, 00000010.00000002.3204065116.0000027B8461D000.00000004.00000800.00020000.00000000.sdmp; firefox.exe, 00000010.00000002.3204763479.0000027B84A40000.00000004.00000020.00020000.00000000.sdmp; firefox.exe, 00000012.00000002.3200154099.0000020590BCA000.00000004.00000020.00020000.00000000.sdmp; firefox.exe, 00000012.00000002.3203467279.00000205913B0000.00000004.00000020.00020000.00000000.sdmp; firefox.exe, 00000013.00000002.3200308478.000002A9EE6EA000.00000004.00000020.00020000.00000000.sdmp; firefox.exe, 00000013.00000002.3201260104.000002A9EE7A0000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW (10 hits; variants seen: "Hyper-V RAW`n;", "Hyper-V RAW%SystemRoot%\system32\mswsock.dll", "Hyper-V RAW : 2 : 34 : 1 : 1 : 0x20026 : 0x8 : %SystemRoot%\system32\mswsock.dll : : 1234191b-4bf7-4ca7-86e0-dfd7c32b5445", plus short trailing-garbage variants)
Note: every one of these hits comes from a firefox.exe child process, not from gTU8ed4669.exe. The string is the display name of the Hyper-V socket Winsock provider that mswsock.dll registers in the protocol catalog (address family 34 = AF_HYPERV, catalog GUID 1234191b-4bf7-4ca7-86e0-dfd7c32b5445); it is present on stock Windows 10/11 installs and is not evidence that the sample fingerprints a virtual machine.
Source: C:\Users\user\Desktop\gTU8ed4669.exe Process information queried: ProcessInformation
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008EEAA2 BlockInput,0_2_008EEAA2
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008A2622 IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_008A2622
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_00894CE8 mov eax, dword ptr fs:[00000030h]0_2_00894CE8
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008D0B62 GetSecurityDescriptorDacl,GetAclInformation,GetLengthSid,GetLengthSid,GetAce,AddAce,GetLengthSid,GetProcessHeap,HeapAlloc,GetLengthSid,CopySid,AddAce,SetSecurityDescriptorDacl,SetUserObjectSecurity,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,0_2_008D0B62
Source: C:\Windows\SysWOW64\taskkill.exe Process token adjusted: Debug (5 occurrences)
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_0089083F IsProcessorFeaturePresent,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,0_2_0089083F
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008909D5 SetUnhandledExceptionFilter,0_2_008909D5
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_00890C21 SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,0_2_00890C21
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008D1201 LogonUserW,DuplicateTokenEx,CloseHandle,OpenWindowStationW,GetProcessWindowStation,SetProcessWindowStation,OpenDesktopW,_wcslen,LoadUserProfileW,CreateEnvironmentBlock,CreateProcessAsUserW,UnloadUserProfile,GetProcessHeap,HeapFree,CloseWindowStation,CloseDesktop,SetProcessWindowStation,CloseHandle,DestroyEnvironmentBlock,0_2_008D1201
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008B2BA5 KiUserCallbackDispatcher,SetCurrentDirectoryW,GetForegroundWindow,ShellExecuteW,0_2_008B2BA5
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008DB226 SendInput,keybd_event,0_2_008DB226
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008F22DA GetForegroundWindow,GetDesktopWindow,GetWindowRect,mouse_event,GetCursorPos,mouse_event,0_2_008F22DA
Source: C:\Users\user\Desktop\gTU8ed4669.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM firefox.exe /T
Source: C:\Users\user\Desktop\gTU8ed4669.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM chrome.exe /T
Source: C:\Users\user\Desktop\gTU8ed4669.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM msedge.exe /T
Source: C:\Users\user\Desktop\gTU8ed4669.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM opera.exe /T
Source: C:\Users\user\Desktop\gTU8ed4669.exe Process created: C:\Windows\SysWOW64\taskkill.exe taskkill /F /IM brave.exe /T
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008D1663 AllocateAndInitializeSid,CheckTokenMembership,FreeSid,0_2_008D1663
    Source: gTU8ed4669.exeBinary or memory string: Run Script:AutoIt script files (*.au3, *.a3x)*.au3;*.a3xAll files (*.*)*.*au3#include depth exceeded. Make sure there are no recursive includesError opening the file>>>AUTOIT SCRIPT<<<Bad directive syntax errorUnterminated stringCannot parse #includeUnterminated group of commentsONOFF0%d%dShell_TrayWndREMOVEKEYSEXISTSAPPENDblankinfoquestionstopwarning
    Source: gTU8ed4669.exeBinary or memory string: Shell_TrayWnd
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_00890698 cpuid 0_2_00890698
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008CD21C GetLocalTime,0_2_008CD21C
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008CD27A GetUserNameW,0_2_008CD27A
    Source: C:\Users\user\Desktop\gTU8ed4669.exeCode function: 0_2_008AB952 _free,_free,_free,GetTimeZoneInformation,WideCharToMultiByte,WideCharToMultiByte,_free,0_2_008AB952
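The five taskkill rows above are the only behaviour in this section that the sample itself performs on the host: one parent process force-killing every mainstream browser within a couple of seconds. That burst is the thing to alert on, because a single administrative taskkill is common and a five-browser sweep from a user-land binary is not. The following detection logic is an added example, not part of the Joe Sandbox report; the event records are constructed in the shape of Sysmon Event ID 1 (process creation) entries, and the field names and timestamps are assumptions. Only the five command lines and the parent PID 7920 come from the report.

```python
"""Detection logic for the browser-killing chain recorded in this report.

Added example, not part of the Joe Sandbox report. Events are constructed
Sysmon Event ID 1 style records; field names and timestamps are assumptions.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Browsers the sample terminated in this run (the five taskkill rows above).
BROWSERS = {"firefox.exe", "chrome.exe", "msedge.exe", "opera.exe", "brave.exe"}


def parse_taskkill(cmdline):
    """Return (image_name, forced) for a 'taskkill ... /IM <name>' command line, else None.

    Accepts a bare 'taskkill' or a full path, /F and /IM in any order, any case,
    and quoted image names.
    """
    tokens = cmdline.split()
    if not tokens:
        return None
    exe = tokens[0].strip('"').lower().rsplit("\\", 1)[-1]
    if exe not in ("taskkill", "taskkill.exe"):
        return None
    image, forced = None, False
    for i, tok in enumerate(tokens[1:], start=1):
        if tok.lower() == "/f":
            forced = True
        elif tok.lower() == "/im" and i + 1 < len(tokens):
            image = tokens[i + 1].strip('"').lower()
    return (image, forced) if image else None


def detect_browser_flush(events, window=timedelta(seconds=30), min_browsers=2):
    """Alert on a parent that force-kills >= min_browsers distinct browsers inside window.

    A lone 'taskkill /IM chrome.exe' from an admin shell stays silent; the sample's
    five force-kills from one parent within two seconds trigger one alert.
    """
    per_parent = defaultdict(list)
    for ev in events:
        if ev["Image"].lower().rsplit("\\", 1)[-1] != "taskkill.exe":
            continue
        parsed = parse_taskkill(ev["CommandLine"])
        if parsed and parsed[0] in BROWSERS and parsed[1]:
            key = (ev["ParentProcessId"], ev["ParentImage"])
            per_parent[key].append((ev["UtcTime"], parsed[0]))

    alerts = []
    for (ppid, pimage), hits in per_parent.items():
        hits.sort()
        for i, (t0, _) in enumerate(hits):
            seen = {img for t, img in hits[i:] if t - t0 <= window}
            if len(seen) >= min_browsers:
                alerts.append({"parent_pid": ppid, "parent_image": pimage,
                               "browsers": sorted(seen), "first_seen": t0})
                break  # one alert per parent is enough
    return alerts


def _event(offset_s, ppid, pimage, cmdline):
    # Constructed record shaped like a Sysmon Event ID 1 entry (assumed field names).
    return {"UtcTime": datetime(2024, 12, 20, 10, 0, 0) + timedelta(seconds=offset_s),
            "Image": r"C:\Windows\SysWOW64\taskkill.exe",
            "CommandLine": cmdline, "ParentProcessId": ppid, "ParentImage": pimage}


SAMPLE = r"C:\Users\user\Desktop\gTU8ed4669.exe"
SAMPLE_EVENTS = [
    _event(0, 7920, SAMPLE, "taskkill /F /IM firefox.exe /T"),
    _event(1, 7920, SAMPLE, "taskkill /F /IM chrome.exe /T"),
    _event(1, 7920, SAMPLE, "taskkill /F /IM msedge.exe /T"),
    _event(2, 7920, SAMPLE, "taskkill /F /IM opera.exe /T"),
    _event(2, 7920, SAMPLE, "taskkill /F /IM brave.exe /T"),
    # Constructed benign noise: one browser killed from a shell, and a non-browser kill.
    _event(5, 4412, r"C:\Windows\System32\cmd.exe", 'taskkill /IM "chrome.exe" /F'),
    _event(6, 4412, r"C:\Windows\System32\cmd.exe", "taskkill /F /IM notepad.exe"),
]

if __name__ == "__main__":
    for alert in detect_browser_flush(SAMPLE_EVENTS):
        print(alert)
```

The window and the two-browser threshold are tuning knobs: lowering the threshold to one browser will catch lone admin kills and helpdesk scripts, so keep it at two or more and key on /F, which is what distinguishes this sample's sweep from an ordinary "close the browser" command.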

    Stealing of Sensitive Information

Source: Yara match; File source: Process Memory Space: gTU8ed4669.exe PID: 7920, type: MEMORYSTR
Source: gTU8ed4669.exe Binary or memory string: WIN_81, WIN_XP
    Source: gTU8ed4669.exeBinary or memory string: %.3d%S%M%H%m%Y%jX86IA64X64WIN32_NTWIN_11WIN_10WIN_2022WIN_2019WIN_2016WIN_81WIN_2012R2WIN_2012WIN_8WIN_2008R2WIN_7WIN_2008WIN_VISTAWIN_2003WIN_XPeWIN_XPInstallLanguageSYSTEM\CurrentControlSet\Control\Nls\LanguageSchemeLangIDControl Panel\AppearanceUSERPROFILEUSERDOMAINUSERDNSDOMAINGetSystemWow64DirectoryWSeDebugPrivilege:winapistdcallubyte64HKEY_LOCAL_MACHINEHKLMHKEY_CLASSES_ROOTHKCRHKEY_CURRENT_CONFIGHKCCHKEY_CURRENT_USERHKCUHKEY_USERSHKUREG_EXPAND_SZREG_SZREG_MULTI_SZREG_DWORDREG_QWORDREG_BINARYRegDeleteKeyExWadvapi32.dll+.-.\\[\\nrt]|%%|%[-+ 0#]?([0-9]*|\*)?(\.[0-9]*|\.\*)?[hlL]?[diouxXeEfgGs](*UCP)\XISVISIBLEISENABLEDTABLEFTTABRIGHTCURRENTTABSHOWDROPDOWNHIDEDROPDOWNADDSTRINGDELSTRINGFINDSTRINGGETCOUNTSETCURRENTSELECTIONGETCURRENTSELECTIONSELECTSTRINGISCHECKEDCHECKUNCHECKGETSELECTEDGETLINECOUNTGETCURRENTLINEGETCURRENTCOLEDITPASTEGETLINESENDCOMMANDIDGETITEMCOUNTGETSUBITEMCOUNTGETTEXTGETSELECTEDCOUNTISSELECTEDSELECTALLSELECTCLEARSELECTINVERTDESELECTFINDITEMVIEWCHANGEGETTOTALCOUNTCOLLAPSEEXPANDmsctls_statusbar321tooltips_class32%d/%02d/%02dbuttonComboboxListboxSysDateTimePick32SysMonthCal32.icl.exe.dllMsctls_Progress32msctls_trackbar32SysAnimate32msctls_updown32SysTabControl32SysTreeView32SysListView32-----@GUI_DRAGID@GUI_DROPID@GUI_DRAGFILEError text not found (please report)Q\EDEFINEUTF16)UTF)UCP)NO_AUTO_POSSESS)NO_START_OPT)LIMIT_MATCH=LIMIT_RECURSION=CR)LF)CRLF)ANY)ANYCRLF)BSR_ANYCRLF)BSR_UNICODE)argument is not a compiled regular expressionargument not compiled in 16 bit modeinternal error: opcode not recognizedinternal error: missing capturing bracketfailed to get memory
Source: gTU8ed4669.exe Binary or memory string: WIN_XPe, WIN_VISTA, WIN_7, WIN_8
Note: the WIN_* tokens are the value table behind AutoIt's @OSVersion macro (the same names sit in the interpreter string run above, between X64WIN32_NT and InstallLanguage). Every compiled AutoIt binary ships them, so on their own they show the interpreter is present, not that the script branches on the OS version.
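Because the interpreter strings above (the ">>>AUTOIT SCRIPT<<<" marker, the "AutoIt script files (*.au3, *.a3x)" file-dialog filter, the #include and directive error messages) are what the report's "Binary is likely a compiled AutoIt script file" verdict rests on, a quick offline triage check for the same indicators is useful when the sandbox is not available. The following is an added example, not code from the Joe Sandbox report or from AutoIt: the runtime strings are copied from the rows on this page, while the 16-byte script-resource signature followed by "AU3!" is the marker published by public AutoIt decompiler tooling and is an assumption of this example. AutoIt keeps its string tables as wide strings, so each indicator is searched as UTF-16LE as well as ASCII. The input bytes are constructed stand-ins, not the sample.

```python
"""Static triage for compiled AutoIt binaries.

Added example, not part of the Joe Sandbox report. RUNTIME_STRINGS come from the
string rows in the report; AU3_MARKER is an assumption taken from public decompiler
tooling. All input data below is constructed.
"""

# Interpreter strings the report lists for gTU8ed4669.exe (error messages and the
# "Run Script" file-dialog filter). Each is a separate string in the binary.
RUNTIME_STRINGS = (
    ">>>AUTOIT SCRIPT<<<",
    "AutoIt script files (*.au3, *.a3x)",
    "#include depth exceeded. Make sure there are no recursive includes",
    "Bad directive syntax error",
    "Unterminated group of comments",
)
# Assumed marker: 16-byte Aut2Exe script-resource signature immediately followed by "AU3!".
AU3_MARKER = bytes.fromhex("A3484BBE986C4AA9994C530A86D6487D") + b"AU3!"


def find_string(data, text):
    """Offsets at which text occurs, checked as ASCII and as UTF-16LE (AutoIt tables are wide)."""
    hits = {}
    for enc in ("ascii", "utf-16-le"):
        off = data.find(text.encode(enc))
        if off != -1:
            hits[enc] = off
    return hits


def autoit_triage(data):
    """Report which AutoIt indicators a byte blob carries and a simple verdict."""
    offsets = {s: find_string(data, s) for s in RUNTIME_STRINGS}
    found = [s for s, hits in offsets.items() if hits]
    marker = data.find(AU3_MARKER)
    return {
        "runtime_strings": found,
        "string_offsets": {s: h for s, h in offsets.items() if h},
        "script_marker_offset": None if marker == -1 else marker,
        # The script marker alone, or two or more interpreter strings, is enough to call it;
        # a single generic string is not, to avoid flagging unrelated binaries.
        "likely_compiled_autoit": marker != -1 or len(found) >= 2,
    }


def build_constructed_sample(with_marker=True):
    """Constructed stand-in for a compiled AutoIt PE: wide interpreter strings plus the marker."""
    blob = b"MZ" + b"\x00" * 62 + b"PE\x00\x00" + b"\x90" * 100
    blob += ">>>AUTOIT SCRIPT<<<".encode("utf-16-le") + b"\x00" * 8
    blob += "Bad directive syntax error".encode("utf-16-le") + b"\x00" * 8
    if with_marker:
        blob += AU3_MARKER + b"EA06" + b"\x00" * 16  # "EA06" follows the marker in modern builds (assumed)
    return blob


if __name__ == "__main__":
    print(autoit_triage(build_constructed_sample()))
    print(autoit_triage(b"MZ" + b"\x00" * 200))
```

On a real file, read it with `open(path, "rb").read()` and pass the bytes to `autoit_triage`; a hit on the marker gives the offset of the embedded compiled script, which is the region to hand to a decompiler, while string-only hits tell you the interpreter is present but the script body is stored elsewhere or has been repacked.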

    Remote Access Functionality

Source: Yara match; File source: Process Memory Space: gTU8ed4669.exe PID: 7920, type: MEMORYSTR
Source: C:\Users\user\Desktop\gTU8ed4669.exe Code function: 0_2_008F1204 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,listen,WSAGetLastError,closesocket,0_2_008F1204
Source: C:\Users\user\Desktop\gTU8ed4669.exe Code function: 0_2_008F1806 socket,WSAGetLastError,bind,WSAGetLastError,closesocket,0_2_008F1806
Note: the socket/bind/listen and socket/bind sequences match the AutoIt runtime's TCPListen and UDPBind built-ins, which are linked into every compiled AutoIt binary whether or not the script calls them. Nothing in this report shows gTU8ed4669.exe opening a listening port, and every DNS/IP entry listed later is attributed to firefox.exe in the behaviour graph.
MITRE ATT&CK Matrix (rebuilt per tactic from the flattened grid; the number in parentheses is the count the matrix shows for a matched technique, entries without a number are the matrix's unmatched placeholder techniques)

Reconnaissance: Gather Victim Identity Information; Credentials; Email Addresses; Employee Names; Gather Victim Network Information; Domain Properties; DNS; Network Trust Dependencies; Network Topology; IP Addresses
Resource Development: Acquire Infrastructure; Domains; DNS Server; Virtual Private Server; Server; Botnet; Web Services; Serverless; Malvertising; Compromise Infrastructure
Initial Access: Valid Accounts (2); Default Accounts; Domain Accounts; Local Accounts; Cloud Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise; Exploit Public-Facing Application; Supply Chain Compromise
Execution: Windows Management Instrumentation (1); Native API (1); At; Cron; Launchd; Scheduled Task; Systemd Timers; Container Orchestration Job; Command and Scripting Interpreter; PowerShell
Persistence: DLL Side-Loading (1); Valid Accounts (2); Logon Script (Windows); Login Hook; Network Logon Script; RC Scripts; Startup Items; Scheduled Task/Job; At; Cron
Privilege Escalation: Exploitation for Privilege Escalation (1); DLL Side-Loading (1); Extra Window Memory Injection (1); Valid Accounts (2); Access Token Manipulation (21); Process Injection (2); Startup Items; Scheduled Task/Job; At; Cron
Defense Evasion: Disable or Modify Tools (2); Deobfuscate/Decode Files or Information (1); Obfuscated Files or Information (2); DLL Side-Loading (1); Extra Window Memory Injection (1); Masquerading (1); Valid Accounts (2); Virtualization/Sandbox Evasion (1); Access Token Manipulation (21); Process Injection (2)
Credential Access: Input Capture (21); LSASS Memory; Security Account Manager; NTDS; LSA Secrets; Cached Domain Credentials; DCSync; Proc Filesystem; /etc/passwd and /etc/shadow; Network Sniffing
Discovery: System Time Discovery (2); Account Discovery (1); File and Directory Discovery (2); System Information Discovery (16); Security Software Discovery (131); Virtualization/Sandbox Evasion (1); Process Discovery (3); Application Window Discovery (1); System Owner/User Discovery (1); Network Service Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model; SSH; VNC; Windows Remote Management; Cloud Services; Direct Cloud VM Connections; Shared Webroot
Collection: Archive Collected Data (1); Input Capture (21); Clipboard Data (3); Input Capture; Keylogging; GUI Input Capture; Web Portal Capture; Credential API Hooking; Data Staged; Local Data Staging
Command and Control: Ingress Tool Transfer (2); Encrypted Channel (12); Non-Application Layer Protocol (2); Application Layer Protocol (3); Fallback Channels; Multiband Communication; Commonly Used Port; Application Layer Protocol; Web Protocols; File Transfer Protocols
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Traffic Duplication; Scheduled Transfer; Data Transfer Size Limits; Exfiltration Over C2 Channel; Exfiltration Over Alternative Protocol; Exfiltration Over Symmetric Encrypted Non-C2 Protocol; Exfiltration Over Asymmetric Encrypted Non-C2 Protocol
Impact: System Shutdown/Reboot (1); Network Denial of Service; Data Encrypted for Impact; Data Destruction; Data Encrypted for Impact; Service Stop; Inhibit System Recovery; Defacement; Internal Defacement; External Defacement
Behavior Graph (ID: 1578932; Sample: gTU8ed4669.exe; Start date: 20/12/2024; Architecture: WINDOWS; Score: 80)

Top-level signatures: Antivirus / Scanner detection for submitted sample; Multi AV Scanner detection for submitted file; Yara detected Credential Flusher; 3 other signatures
Top-level DNS/IP: youtube.com; youtube-ui.l.google.com; 34 other IPs or domains

gTU8ed4669.exe (started)
    signatures: Binary is likely a compiled AutoIt script file; Found API chain indicative of sandbox detection
    -> taskkill.exe -> conhost.exe
    -> taskkill.exe -> conhost.exe
    -> taskkill.exe -> conhost.exe
    -> 3 other processes (two shown with a conhost.exe child)
firefox.exe (started)
    -> firefox.exe
        DNS/IP: youtube.com 142.250.181.110 (ports 443, 49735, 49736; GOOGLEUS, United States); prod.detectportal.prod.cloudops.mozgcp.net 34.107.221.82 (ports 49737, 49749, 49754; GOOGLEUS, United States); 10 other IPs or domains
        dropped: C:\Users\user\AppData\...\gmpopenh264.dll.tmp (PE32+); C:\Users\user\...\gmpopenh264.dll (copy) (PE32+)
        -> firefox.exe
        -> firefox.exe
        -> firefox.exe

Antivirus Detection

Sample:
gTU8ed4669.exe | 29% | ReversingLabs | Win32.Trojan.Generic
gTU8ed4669.exe | 100% | Avira | TR/ATRAPS.Gen
gTU8ed4669.exe | 100% | Joe Sandbox ML |

Dropped files:
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy) | 0% | ReversingLabs |
C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll.tmp | 0% | ReversingLabs |

No Antivirus matches (unpacked PE files, domains, URLs)
Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
example.org | 93.184.215.14 | true | false | | high
star-mini.c10r.facebook.com | 157.240.196.35 | true | false | | high
prod.classify-client.prod.webservices.mozgcp.net | 35.190.72.216 | true | false | | high
prod.balrog.prod.cloudops.mozgcp.net | 35.244.181.201 | true | false | | high
twitter.com | 104.244.42.129 | true | false | | high
prod.detectportal.prod.cloudops.mozgcp.net | 34.107.221.82 | true | false | | high
services.addons.mozilla.org | 151.101.1.91 | true | false | | high
s-part-0035.t-0009.t-msedge.net | 13.107.246.63 | true | false | | high
dyna.wikimedia.org | 185.15.58.224 | true | false | | high
prod.remote-settings.prod.webservices.mozgcp.net | 34.149.100.209 | true | false | | high
contile.services.mozilla.com | 34.117.188.166 | true | false | | high
youtube.com | 142.250.181.110 | true | false | | high
prod.content-signature-chains.prod.webservices.mozgcp.net | 34.160.144.191 | true | false | | high
youtube-ui.l.google.com | 172.217.19.206 | true | false | | high
us-west1.prod.sumo.prod.webservices.mozgcp.net | 34.149.128.2 | true | false | | high
reddit.map.fastly.net | 151.101.65.140 | true | false | | high
ipv4only.arpa | 192.0.0.171 | true | false | | high
prod.ads.prod.webservices.mozgcp.net | 34.117.188.166 | true | false | | high
push.services.mozilla.com | 34.107.243.93 | true | false | | high
normandy-cdn.services.mozilla.com | 35.201.103.21 | true | false | | high
telemetry-incoming.r53-2.services.mozilla.com | 34.120.208.123 | true | false | | high
www.reddit.com | unknown | unknown | false | | high
spocs.getpocket.com | unknown | unknown | false | | high
content-signature-2.cdn.mozilla.net | unknown | unknown | false | | high
support.mozilla.org | unknown | unknown | false | | high
firefox.settings.services.mozilla.com | unknown | unknown | false | | high
www.youtube.com | unknown | unknown | false | | high
www.facebook.com | unknown | unknown | false | | high
detectportal.firefox.com | unknown | unknown | false | | high
normandy.cdn.mozilla.net | unknown | unknown | false | | high
shavar.services.mozilla.com | unknown | unknown | false | | high
www.wikipedia.org | unknown | unknown | false | | high
URLs from Memory and Binaries

Name | Source | Malicious | Antivirus Detection | Reputation
https://youtube.comZ | firefox.exe, 0000000E.00000003.1557135646.00001C9A76703000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://play.google.com/store/apps/details?id=org.mozilla.firefox.vpn&referrer=utm_source%3Dfirefox- | firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://getpocket.cdn.mozilla.net/v3/firefox/trending-topics?version=2&consumer_key=$apiKey&locale_l | firefox.exe, 0000000E.00000003.1579686170.0000019500228000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3200715003.0000020590EC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3201843113.000002A9EEBC8000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://detectportal.firefox.com/ | firefox.exe, 0000000E.00000003.1561754929.0000019504EA1000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://services.addons.mozilla.org/api/v5/addons/browser-mappings/?browser=%BROWSER% | firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://datastudio.google.com/embed/reporting/ | firefox.exe, 0000000E.00000003.1610656136.0000019508D3B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1559891384.0000019508D3B000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.mozilla.com0 | gmpopenh264.dll.tmp.14.dr | false | | high
https://developer.mozilla.org/en-US/docs/Web/Web_Components/Using_custom_elements#using_the_lifecycl | firefox.exe, 0000000E.00000003.1522859883.0000019504D55000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1425801036.0000019504D5A000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://merino.services.mozilla.com/api/v1/suggest | firefox.exe, 00000012.00000002.3200715003.0000020590E86000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3201843113.000002A9EEB87000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://monitor.firefox.com/oauth/init?entrypoint=protection_report_monitor&utm_source=about-protect | firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://www.leboncoin.fr/ | firefox.exe, 0000000E.00000003.1601270232.00000194FDB4A000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://spocs.getpocket.com/spocs | firefox.exe, 0000000E.00000003.1428184529.0000019504FCD000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://shavar.services.mozilla.com | firefox.exe, 0000000E.00000003.1442834384.00000194FE3D5000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://completion.amazon.com/search/complete?q= | firefox.exe, 0000000E.00000003.1442238136.00000195069C1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1398195654.00000194FCB4D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1397518769.00000194FC900000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1398061028.00000194FCB34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1397890402.00000194FCB1B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1398329381.00000194FCB67000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/social-media-tracking-report | firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://ads.stickyadstv.com/firefox-etp | firefox.exe, 0000000E.00000003.1431115714.00000194FDEAC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1601270232.00000194FDB88000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1444272711.00000194FDEA9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1600299952.00000194FE631000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1595903476.00000194FE631000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1599102139.00000194FDEAC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1431491687.00000194FDB88000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://identity.mozilla.com/ids/ecosystem_telemetryU | firefox.exe, 0000000E.00000003.1605687987.0000019508AB0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1586225003.0000019508AB0000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/send-tab | firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://monitor.firefox.com/breach-details/ | firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | false | | high
https://github.com/w3c/csswg-drafts/issues/4650 | firefox.exe, 0000000E.00000003.1561099325.00000195069EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1442238136.00000195069F3000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://versioncheck-bg.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM | firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | false | |
                                                                                                              high
                                                                                                              https://xhr.spec.whatwg.org/#sync-warningfirefox.exe, 0000000E.00000003.1577785080.0000019504E31000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                high
                                                                                                                https://www.amazon.com/exec/obidos/external-search/firefox.exe, 0000000E.00000003.1443152752.00000194FE04A000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1523757374.00000194FF492000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1398329381.00000194FCB67000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  high
                                                                                                                  https://www.msn.comfirefox.exe, 0000000E.00000003.1579347159.0000019500262000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    high
                                                                                                                    https://github.com/mozilla-services/screenshotsfirefox.exe, 0000000E.00000003.1398195654.00000194FCB4D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1397518769.00000194FC900000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1398061028.00000194FCB34000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1397890402.00000194FCB1B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1398329381.00000194FCB67000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      high
                                                                                                                      https://services.addons.mozilla.org/api/v4/addons/addon/firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                        high
                                                                                                                        https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/switching-devices?utm_source=panel-deffirefox.exe, 0000000E.00000003.1440707478.00000194FE2AD000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          high
                                                                                                                          https://tracking-protection-issues.herokuapp.com/newfirefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                            high
                                                                                                                            https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/password-manager-reportfirefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                              high
                                                                                                                              https://youtube.com/firefox.exe, 0000000E.00000003.1560826626.0000019507313000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                high
                                                                                                                                https://content-signature-2.cdn.mozilla.net/firefox.exe, 0000000E.00000003.1603511648.00000194FB3B5000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                  high
                                                                                                                                  https://www.instagram.com/firefox.exe, 0000000E.00000003.1453322364.00000194FF5EB000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    high
                                                                                                                                    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/fingerprinters-reportfirefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                      high
                                                                                                                                      https://api.accounts.firefox.com/v1firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                        high
                                                                                                                                        https://www.amazon.com/firefox.exe, 0000000E.00000003.1443152752.00000194FE040000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          high
                                                                                                                                          https://addons.mozilla.org/%LOCALE%/%APP%/blocked-addon/%addonID%/%addonVersion%/firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                            high
                                                                                                                                            https://developer.mozilla.org/docs/Mozilla/Add-ons/WebExtensions/API/tabs/captureTabMozRequestFullScfirefox.exe, 0000000E.00000003.1577785080.0000019504E3D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              high
                                                                                                                                              https://monitor.firefox.com/?entrypoint=protection_report_monitor&utm_source=about-protectionsfirefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                high
                                                                                                                                                https://www.youtube.com/firefox.exe, 0000000E.00000003.1558728624.00000195092E0000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3200715003.0000020590E03000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3201843113.000002A9EEB0C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  high
                                                                                                                                                  https://bugzilla.mozilla.org/show_bug.cgi?id=1283601firefox.exe, 0000000E.00000003.1456724597.0000019505594000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1455648791.00000194FDC4F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                    high
                                                                                                                                                    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/shieldfirefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                      high
                                                                                                                                                      https://MD8.mozilla.org/1/mfirefox.exe, 0000000E.00000003.1596991555.00000194FE091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                        high
                                                                                                                                                        https://www.bbc.co.uk/firefox.exe, 0000000E.00000003.1601270232.00000194FDB4A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                          high
                                                                                                                                                          https://getpocket.cdn.mozilla.net/v3/firefox/global-recs?version=3&consumer_key=$apiKey&locale_lang=firefox.exe, 0000000E.00000003.1496370532.00000194FDD8D000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1579686170.0000019500228000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3200715003.0000020590EC7000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3201843113.000002A9EEBC8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                            high
                                                                                                                                                            http://127.0.0.1:firefox.exe, 0000000E.00000003.1444272711.00000194FDE53000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1442659552.00000194FE4F3000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                              high
                                                                                                                                                              https://bugzilla.mozilla.org/show_bug.cgi?id=1266220firefox.exe, 0000000E.00000003.1456724597.0000019505594000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1455648791.00000194FDC4F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                high
                                                                                                                                                                https://searchfox.org/mozilla-central/source/toolkit/components/search/SearchUtils.jsm#145-152firefox.exe, 0000000E.00000003.1512985504.00000194FE9B9000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                  high
                                                                                                                                                                  https://bugzilla.mofirefox.exe, 0000000E.00000003.1606415407.000001950673F000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                    high
                                                                                                                                                                    https://mitmdetection.services.mozilla.com/firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                      high
                                                                                                                                                                      https://amazon.comfirefox.exe, 0000000E.00000003.1557135646.00001C9A76703000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                        high
                                                                                                                                                                        https://static.adsafeprotected.com/firefox-etp-jsfirefox.exe, 0000000E.00000003.1600299952.00000194FE631000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1595903476.00000194FE631000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                          high
                                                                                                                                                                          https://youtube.com/account?=recovery.jsonlz4.tmp.14.drfalse
                                                                                                                                                                            high
                                                                                                                                                                            https://contile-images.services.mozilla.com/CuERQnIs4CzqjKBh9os6_h9d4CUDCHO3oiqmAQO6VLM.25122.jpgfirefox.exe, 00000010.00000002.3201995506.0000027B845BA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3200715003.0000020590EF2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3204239263.000002A9EEC03000.00000004.00000800.00020000.00000000.sdmp, prefs-1.js.14.drfalse
                                                                                                                                                                              high
                                                                                                                                                                              https://developer.mozilla.org/docs/Web/API/Element/releasePointerCapturefirefox.exe, 0000000E.00000003.1577785080.0000019504E3D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                high
                                                                                                                                                                                https://spocs.getpocket.com/firefox.exe, 0000000E.00000003.1428184529.0000019504FC9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1560826626.000001950730B000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1441938291.000001950730C000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000012.00000002.3200715003.0000020590E12000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000013.00000002.3201843113.000002A9EEB13000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                  high
                                                                                                                                                                                  https://services.addons.mozilla.org/api/v4/abuse/report/addon/firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                    high
                                                                                                                                                                                    https://services.addons.mozilla.org/api/v4/addons/search/?guid=%IDS%&lang=%LOCALE%firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                      high
                                                                                                                                                                                      https://color.firefox.com/?utm_source=firefox-browser&utm_medium=firefox-browser&utm_content=theme-ffirefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                        high
                                                                                                                                                                                        https://www.iqiyi.com/firefox.exe, 0000000E.00000003.1601270232.00000194FDB4A000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                          high
                                                                                                                                                                                          https://support.mozilla.org/products/firefoxgro.allizom.troppus.places.sqlite-wal.14.drfalse
                                                                                                                                                                                            high
                                                                                                                                                                                            http://mozilla.org/~firefox.exe, 0000000E.00000003.1572401635.00000F827EA03000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                              high
                                                                                                                                                                                              https://play.google.com/store/apps/details?id=org.mozilla.firefox&referrer=utm_source%3Dprotection_rfirefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                high
                                                                                                                                                                                                https://monitor.firefox.com/user/breach-stats?includeResolved=truefirefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                  high
                                                                                                                                                                                                  https://www.amazon.com/Zfirefox.exe, 0000000E.00000003.1557135646.00001C9A76703000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                    high
                                                                                                                                                                                                    https://support.mozilla.org/1/firefox/%VERSION%/%OS%/%LOCALE%/cross-site-tracking-reportfirefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                      high
                                                                                                                                                                                                      https://bugzilla.mozilla.org/show_bug.cgi?id=1584464firefox.exe, 0000000E.00000003.1561099325.00000195069EE000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1442238136.00000195069F3000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                        high
                                                                                                                                                                                                        http://a9.com/-/spec/opensearch/1.0/firefox.exe, 0000000E.00000003.1442238136.0000019506999000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                                                                          high
                                                                                                                                                                                                          https://safebrowsing.google.com/safebrowsing/diagnostic?site=firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmpfalse
                                                                                                                                                                                                            high
URL | Source | Malicious | Reputation
http://www.inbox.lv/rfc2368/?value=%su | firefox.exe, 0000000E.00000003.1603511648.00000194FB384000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1577785080.0000019504E4A000.00000004.00000800.00020000.00000000.sdmp | false | high
https://monitor.firefox.com/user/dashboard | firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | false | high
https://versioncheck.addons.mozilla.org/update/VersionCheck.php?reqVersion=%REQ_VERSION%&id=%ITEM_ID | firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | false | high
https://monitor.firefox.com/about | firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | false | high
http://mozilla.org/MPL/2.0/. | firefox.exe, 0000000E.00000003.1455487701.00000194FDCD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1514464368.00000194FDC81000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1452688425.00000194FDCFC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1466337398.00000194FDDBD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1587444264.00000194FF025000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1453741725.00000194FDC92000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1521304094.00000194FDCF6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1586383650.00000194FF0B2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1584065842.00000195092CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1521304094.00000194FDCE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1521304094.00000194FDCFC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1608216999.00000195092CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1583147366.00000194FF412000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1532572196.00000194FF5EC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1558728624.00000195092CB000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1561560508.0000019504ECA000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1514464368.00000194FDCD2000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1456783935.00000194FDCE6000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1521967172.00000194FF5E1000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1602491630.00000194FD0A8000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1509604232.00000194FDDC3000.00000004.00000800.00020000.00000000.sdmp | false | high
https://account.bellmedia.c | firefox.exe, 0000000E.00000003.1593487215.00000194FEF8A000.00000004.00000800.00020000.00000000.sdmp | false | high
http://youtube.com/ | firefox.exe, 0000000E.00000003.1443152752.00000194FE040000.00000004.00000800.00020000.00000000.sdmp | false | high
https://login.microsoftonline.com | firefox.exe, 0000000E.00000003.1579347159.000001950025C000.00000004.00000800.00020000.00000000.sdmp | false | high
https://coverage.mozilla.org | firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | false | high
http://crl.thawte.com/ThawteTimestampingCA.crl0 | gmpopenh264.dll.tmp.14.dr | false | high
https://firefox-settings-attachments.cdn.mozilla.net/main-workspace/ms-images/f0f51715-7f5e-48de-839 | firefox.exe, 0000000E.00000003.1440707478.00000194FE2AD000.00000004.00000800.00020000.00000000.sdmp | false | high
https://www.zhihu.com/ | firefox.exe, 0000000E.00000003.1602211299.00000194FD65A000.00000004.00000800.00020000.00000000.sdmp | false | high
http://x1.c.lencr.org/0 | firefox.exe, 0000000E.00000003.1561560508.0000019504EBA000.00000004.00000800.00020000.00000000.sdmp | false | high
http://x1.i.lencr.org/0 | firefox.exe, 0000000E.00000003.1561560508.0000019504EBA000.00000004.00000800.00020000.00000000.sdmp | false | high
http://a9.com/-/spec/opensearch/1.1/ | firefox.exe, 0000000E.00000003.1442238136.0000019506999000.00000004.00000800.00020000.00000000.sdmp | false | high
https://infra.spec.whatwg.org/#ascii-whitespace | firefox.exe, 0000000E.00000003.1522859883.0000019504D55000.00000004.00000800.00020000.00000000.sdmp | false | high
https://blocked.cdn.mozilla.net/ | firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | false | high
https://developer.mozilla.org/en-US/docs/Glossary/speculative_parsingDocumentWriteIgnored | firefox.exe, 0000000E.00000003.1586383650.00000194FF0AC000.00000004.00000800.00020000.00000000.sdmp | false | high
https://json-schema.org/draft/2019-09/schema | firefox.exe, 0000000E.00000003.1560826626.0000019507313000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1441938291.000001950736C000.00000004.00000800.00020000.00000000.sdmp | false | high
http://developer.mozilla.org/en/docs/DOM:element.addEventListener | firefox.exe, 0000000E.00000003.1577785080.0000019504E31000.00000004.00000800.00020000.00000000.sdmp | false | high
https://duckduckgo.com/?t=ffab&q= | firefox.exe, 0000000E.00000003.1444163746.00000194FE03C000.00000004.00000800.00020000.00000000.sdmp | false | high
https://profiler.firefox.com | firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | false | high
https://outlook.live.com/default.aspx?rru=compose&to=%s | firefox.exe, 0000000E.00000003.1603511648.00000194FB384000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1543519417.00000194FC739000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1400129764.00000194FC733000.00000004.00000800.00020000.00000000.sdmp | false | high
https://identity.mozilla.com/apps/relay | firefox.exe, 0000000E.00000003.1593985364.00000194FEA75000.00000004.00000800.00020000.00000000.sdmp | false | high
https://mozilla.cloudflare-dns.com/dns-query | firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | false | high
https://support.mozilla.org/kb/refresh-firefox-reset-add-ons-and-settings2 | firefox.exe, 0000000E.00000003.1607736018.0000019504BAC000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1591259693.0000019504BAC000.00000004.00000800.00020000.00000000.sdmp | false | high
https://bugzilla.mozilla.org/show_bug.cgi?id=1678448 | firefox.exe, 0000000E.00000003.1455648791.00000194FDC69000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1456724597.0000019505594000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1455648791.00000194FDC4F000.00000004.00000800.00020000.00000000.sdmp | false | high
https://mail.yahoo.co.jp/compose/?To=%s | firefox.exe, 0000000E.00000003.1603511648.00000194FB384000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1543519417.00000194FC739000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1400129764.00000194FC733000.00000004.00000800.00020000.00000000.sdmp | false | high
https://contile.services.mozilla.com/v1/tiles | firefox.exe, 0000000E.00000003.1444272711.00000194FDE96000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1428184529.0000019504FCD000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | false | high
https://www.amazon.co.uk/ | firefox.exe, 0000000E.00000003.1601270232.00000194FDB4A000.00000004.00000800.00020000.00000000.sdmp | false | high
https://firefox.settings.services.mozilla.com/v1/buckets/main/collections/ms-language-packs/records/ | firefox.exe, 0000000E.00000003.1552497685.0000019509D70000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1608846283.00000195091E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1576796462.00000195091E9000.00000004.00000800.00020000.00000000.sdmp, firefox.exe, 0000000E.00000003.1553074300.00000195091E9000.00000004.00000800.00020000.00000000.sdmp | false | high
https://monitor.firefox.com/user/preferences | firefox.exe, 00000010.00000002.3201651599.0000027B84310000.00000002.10000000.00040000.00000000.sdmp, firefox.exe, 00000012.00000002.3203891699.0000020591500000.00000002.08000000.00040000.00000000.sdmp, firefox.exe, 00000013.00000002.3201323355.000002A9EE8A0000.00000002.10000000.00040000.00000000.sdmp | false | high
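Every row above was lifted from the memory of firefox.exe (or from the dropped gmpopenh264.dll.tmp.14.dr), which the sample spawned during analysis, so the list is dominated by Mozilla's own endpoints rather than anything the sample itself carries. The useful triage step is to split each row back into URL, source and verdict and group the URLs by the process they were found in. The extracted form fuses the URL straight into the first source name, which makes the boundary ambiguous (compare "?value=%su" followed by "firefox.exe"), so the parser below cuts at the earliest occurrence of a source name taken from the report's own process and dropped-file lists rather than guessing from URL syntax. This is an added example, not part of the Joe Sandbox report: the "sample.exe" source name, the example.invalid URL and its memdump identifier are constructed placeholders; the other two rows mirror rows from the table.

```python
import re
from collections import defaultdict

# Memory-dump reference as it appears in the Source column, e.g.
# 0000000E.00000003.1603511648.00000194FB384000.00000004.00000800.00020000.00000000.sdmp
MEMDUMP_RE = re.compile(r"^[0-9A-F]{8}(?:\.[0-9A-F]{8,16}){7}\.sdmp$")

# Source names taken from the report's process tree and dropped-files list.
# "sample.exe" stands in for the analysed binary and is hypothetical here.
KNOWN_SOURCES = {"firefox.exe", "sample.exe", "gmpopenh264.dll.tmp.14.dr"}

# Constructed rows in the fused form the extraction produced:
# (URL + Source + Malicious, Reputation). The first two mirror rows of the
# report; the example.invalid row is made up to show a non-browser origin.
RAW_ROWS = [
    ("http://www.inbox.lv/rfc2368/?value=%sufirefox.exe, "
     "0000000E.00000003.1603511648.00000194FB384000.00000004.00000800.00020000.00000000.sdmpfalse",
     "high"),
    ("http://crl.thawte.com/ThawteTimestampingCA.crl0gmpopenh264.dll.tmp.14.drfalse", "high"),
    ("http://example.invalid/gatesample.exe, "
     "00000000.00000002.1234567890.0000000000400000.00000040.00000001.01000000.00000000.sdmpfalse",
     "unknown"),
]


def _find_cut(body, known_sources):
    """Index where the Source column starts: the earliest known source name
    that is followed by ', ' (a memdump reference) or ends the string."""
    cut = None
    for name in known_sources:
        start = 0
        while True:
            i = body.find(name, start)
            if i == -1:
                break
            rest = body[i + len(name):]
            if rest == "" or rest.startswith(", "):
                if cut is None or i < cut:
                    cut = i
                break
            start = i + 1
    if cut is None:
        raise ValueError("no known source name in row: %r" % body)
    return cut


def _parse_sources(text, known_sources):
    """'firefox.exe, <dump>, firefox.exe, <dump>' -> [(name, dump_or_None), ...]"""
    parts = text.split(", ")
    sources, i = [], 0
    while i < len(parts):
        name = parts[i]
        if name not in known_sources:
            raise ValueError("unexpected source token: %r" % name)
        if i + 1 < len(parts) and MEMDUMP_RE.match(parts[i + 1]):
            sources.append((name, parts[i + 1]))
            i += 2
        else:
            sources.append((name, None))  # dropped-file reference carries no dump id
            i += 1
    return sources


def split_row(fused, known_sources=KNOWN_SOURCES):
    """Split one fused row into (url, sources, malicious)."""
    if fused.endswith("true"):
        malicious, body = True, fused[:-len("true")]
    elif fused.endswith("false"):
        malicious, body = False, fused[:-len("false")]
    else:
        raise ValueError("row has no Malicious flag: %r" % fused)
    cut = _find_cut(body, known_sources)
    return body[:cut], _parse_sources(body[cut:], known_sources), malicious


def parse_rows(raw_rows, known_sources=KNOWN_SOURCES):
    records = []
    for fused, reputation in raw_rows:
        url, sources, malicious = split_row(fused, known_sources)
        records.append({"url": url, "sources": sources,
                        "malicious": malicious, "reputation": reputation})
    return records


def urls_by_origin(records):
    """Map each source name (process or dropped file) to the URLs found in it."""
    origin = defaultdict(set)
    for rec in records:
        for name, _dump in rec["sources"]:
            origin[name].add(rec["url"])
    return dict(origin)


def urls_not_from(records, browser="firefox.exe"):
    """URLs found anywhere other than the spawned browser. Browser memory is
    full of Mozilla's own endpoints; these are the ones worth a closer look."""
    return sorted(rec["url"] for rec in records
                  if any(name != browser for name, _dump in rec["sources"]))


if __name__ == "__main__":
    recs = parse_rows(RAW_ROWS)
    for name, urls in sorted(urls_by_origin(recs).items()):
        print(name, "->", sorted(urls))
    print("not from firefox.exe:", urls_not_from(recs))
```

The cut is deliberately taken at the report's own source names instead of at a URL-shaped boundary, so a URL that happens to end in a letter run (the "%su" above) is kept exactly as the report extracted it; if you need the "clean" URL, strip the trailing noise in a separate normalisation pass rather than in the parser, so the two are never confused.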
Legend (share of contacted IPs per country): < 25% / 25% to 50% / 50% to 75% / > 75%

IP | Domain | Country | ASN | ASN Name | Malicious
151.101.1.91 | services.addons.mozilla.org | United States | 54113 | FASTLYUS | false
34.149.100.209 | prod.remote-settings.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
34.107.243.93 | push.services.mozilla.com | United States | 15169 | GOOGLEUS | false
142.250.181.110 | youtube.com | United States | 15169 | GOOGLEUS | false
34.107.221.82 | prod.detectportal.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
35.244.181.201 | prod.balrog.prod.cloudops.mozgcp.net | United States | 15169 | GOOGLEUS | false
34.117.188.166 | contile.services.mozilla.com | United States | 139070 | GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | false
35.201.103.21 | normandy-cdn.services.mozilla.com | United States | 15169 | GOOGLEUS | false
35.190.72.216 | prod.classify-client.prod.webservices.mozgcp.net | United States | 15169 | GOOGLEUS | false
34.160.144.191 | prod.content-signature-chains.prod.webservices.mozgcp.net | United States | 2686 | ATGS-MMD-ASUS | false
34.120.208.123 | telemetry-incoming.r53-2.services.mozilla.com | United States
                                                                                                                                                                                                                                                                            15169GOOGLEUSfalse
                                                                                                                                                                                                                                                                            IP
                                                                                                                                                                                                                                                                            127.0.0.1
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1578932
Start date and time: 2024-12-20 16:55:40 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 8m 37s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Run name: Run with higher sleep bypass
Number of new started processes analysed: 26
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: gTU8ed4669.exe (renamed because the original name is a hash value)
Original Sample Name: 2177e5dd54a3815b8535b4e6902c1777.exe
Detection: MAL
Classification: mal80.troj.evad.winEXE@34/38@72/12
EGA Information:
• Successful, ratio: 40%
HCA Information:
• Successful, ratio: 96%
• Number of executed functions: 51
• Number of non-executed functions: 292
Cookbook Comments:
• Found application associated with file extension: .exe
• Sleeps bigger than 100000000ms are automatically reduced to 1000ms
• Sleep loops longer than 100000000ms are bypassed. Single calls with a delay of 100000000ms and higher are ignored
• Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 44.240.87.158, 52.40.120.141, 44.228.225.150, 172.217.17.46, 88.221.134.209, 88.221.134.155, 142.250.181.138, 13.107.246.63, 23.218.208.109, 20.109.210.53
• Excluded domains from analysis (whitelisted): fs.microsoft.com, shavar.prod.mozaws.net, ciscobinary.openh264.org, slscr.update.microsoft.com, otelrules.azureedge.net, otelrules.afd.azureedge.net, incoming.telemetry.mozilla.org, ctldl.windowsupdate.com, a17.rackcdn.com.mdc.edgesuite.net, detectportal.prod.mozaws.net, aus5.mozilla.org, fe3cr.delivery.mp.microsoft.com, a19.dscg10.akamai.net, redirector.gvt1.com, azureedge-t-prod.trafficmanager.net, safebrowsing.googleapis.com, location.services.mozilla.com
• Execution Graph export aborted for target firefox.exe, PID 3764 because there are no executed functions
• Not all processes were analyzed; the report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information
• Report size exceeded maximum capacity and may have missing disassembly code
• Report size getting too big, too many NtCreateFile calls found
• Report size getting too big, too many NtOpenFile calls found
• Report size getting too big, too many NtOpenKeyEx calls found
• Report size getting too big, too many NtQueryAttributesFile calls found
• Report size getting too big, too many NtQueryValueKey calls found
• Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data
• VT rate limit hit for: gTU8ed4669.exe
                                                                                                                                                                                                                                                                            No simulations
                                                                                                                                                                                                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                                                                                                            34.117.188.166file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, zgRATBrowse
                                                                                                                                                                                                                                                                              file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                ghostspider.7zGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                  file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                    file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, VidarBrowse
                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, XmrigBrowse
                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, PureLog Stealer, StealcBrowse
                                                                                                                                                                                                                                                                                          do.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                            https://walli.shanga.co/image/view/?id=1375Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                              151.101.1.91do.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                P0HV8mjHS1.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                  mdPov8VTwi.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                    nmy4mJXEaz.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                      file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                        file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                          file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                            file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                              file.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                34.149.100.209ghostspider.7zGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                  http://112.31.189.32:40158Get hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                    do.ps1Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                      https://walli.shanga.co/image/view/?id=1375Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                        tightvnc-2.8.59-gpl-setup-64bit.msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                          kjDPynh9vQ.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                            kjDPynh9vQ.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                              fNlxQP0jBz.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                LbgqLv7gT7.exeGet hashmaliciousCredential FlusherBrowse
                                                                                                                                                                                                                                                                                                                                  34.160.144.191file.exeGet hashmaliciousLummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, VidarBrowse
ghostspider.7z | malicious | Unknown
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar
http://112.31.189.32:40158 | malicious | Mirai
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Xmrig
file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, PureLog Stealer, Stealc
do.ps1 | malicious | Unknown
https://walli.shanga.co/image/view/?id=1375 | malicious | Unknown
tightvnc-2.8.59-gpl-setup-64bit.msi | malicious | Unknown
Match | Associated Sample Name / URL | Detection | Threat Name | Context
example.org | ghostspider.7z | malicious | Unknown | 93.184.215.14
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Xmrig | 93.184.215.14
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar | 93.184.215.14
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Xmrig | 93.184.215.14
example.org | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, PureLog Stealer, Stealc | 93.184.215.14
example.org | do.ps1 | malicious | Unknown | 93.184.215.14
example.org | https://walli.shanga.co/image/view/?id=1375 | malicious | Unknown | 93.184.215.14
example.org | tightvnc-2.8.59-gpl-setup-64bit.msi | malicious | Unknown | 93.184.215.14
example.org | kjDPynh9vQ.exe | malicious | Credential Flusher | 93.184.215.14
star-mini.c10r.facebook.com | https://click.pstmrk.it/3s/veed.io%2Fshare-video-link%3Ftoken%3DeyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MzQ2MzE2NDgsImlhdCI6MTczNDYzMDc0OCwic3ViIjoiZmY0NTdiM2MtYjI3MC00YzA0LWEwOTEtYjY3ZDJkOGQ3ZTU1Iiwicm9sZXMiOltdLCJraWQiOiJwcm9qZWN0cy92ZWVkLXByb2Qtc2VydmVyL2xvY2F0aW9ucy9ldXJvcGUtd2VzdDEva2V5UmluZ3MvdmVlZC1wcm9kLWtleXJpbmcvY3J5cHRvS2V5cy92ZWVkLXByb2QtandrLWtleS9jcnlwdG9LZXlWZXJzaW9ucy8xIiwiZmVhdHVyZXMiOnt9LCJzY29wZXMiOltdfQ.f-EtSCYYeQiR4cEb8w5ABF3koXpbxl8QeFIarADkLP6q32DzsnFZl76Y98Uad7M8RBPPuOQOV9SUbCY1hRa4IbqV9_4cTm0v7DuBTCKOZbHN1NiATZOGw2BzdEMqIEfnNo5A_H2_DLVQZLtd6sZzcRoNBzbmcq2_xlzWgmqIErGV0VYXIb-Vac1b-3wmAgIyE-VS7Cd5aHYtVyiV9T5HfrpjPl7-M6dLIaQqm6103z7gO_qoKow1qbFmNgGaUsQED1CHbqo-hCgXzib7NToyu0Qq4kSl-2NEzgLMKy1zFR2J0E0vr9FHirjR9fmmDF2nk76Ht8L2WbV-dRyXZBZaUikfojo56vYWI9cfSQrG_awuFNR0M1s6dpPwumDM8sXlMZYt4u5WZaNcRZynPHXeqNZcdwKhlZrFN0U3B3U7B69avz_FlMxw6Or_0aeJkUP5YZP3wH-IIbwwa6es37u8G7gWYINEfp-pJlKV7klV1CcskLf_53iNx7MtxgvAXLMNZJ2tnuxY8W6w_E-pchjpNP2I5NV2Ui2_bNSgl3kBuX3oWsX0m_wL3MZ39pE3paPp2FAIgQPpZ5a0BhmPYsMk2IPPel2dll8j1IYBwHsZ5a1IHsHA6gTMWkJl-uhAjN4mnXo7Om0NWRZvfFvatgA4YCoTXdntM31GIZxAyWF9a14%26postLoginUrl%3D%252Fview%252F3ab9b7be-178c-4289-b29e-75921856f7f5%252F/oMlP/0SC6AQ/AQ/15f5e010-d260-490a-9e5d-79f5643b5481/1/HSOO9aL291 | malicious | Unknown | 157.240.196.35
star-mini.c10r.facebook.com | ghostspider.7z | malicious | Unknown | 157.240.196.35
star-mini.c10r.facebook.com | http://112.31.189.32:40158 | malicious | Mirai | 157.240.196.35
star-mini.c10r.facebook.com | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Xmrig | 157.240.196.35
star-mini.c10r.facebook.com | http://mee6.xyz | malicious | Unknown | 157.240.196.35
star-mini.c10r.facebook.com | https://www.grapevine.org/join/next-gen-giving-circle-dc | malicious | Unknown | 157.240.196.35
star-mini.c10r.facebook.com | http://johnlewispartners.shop | malicious | Unknown | 157.240.196.35
star-mini.c10r.facebook.com | do.ps1 | malicious | Unknown | 157.240.196.35
star-mini.c10r.facebook.com | YF3YnL4ksc.exe | malicious | Unknown | 31.13.88.35
twitter.com | ghostspider.7z | malicious | Unknown | 104.244.42.1
twitter.com | http://112.31.189.32:40158 | malicious | Mirai | 104.244.42.193
twitter.com | file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Xmrig | 104.244.42.193
twitter.com | do.ps1 | malicious | Unknown | 104.244.42.129
Match | Associated Sample Name / URL | Detection | Threat Name | Context
FASTLYUS | https://dnearymedahealthstaffing.wordpress.com/medahealthstaffing-proposal/ | malicious | HTMLPhisher | 151.101.194.137
FASTLYUS | http://northwesthousingservices.discussripped.com | malicious | HTMLPhisher | 151.101.66.137
FASTLYUS | mniscreenthinkinggoodforentiretimegoodfotbusubessthings.hta | malicious | Cobalt Strike | 151.101.1.137
FASTLYUS | 58VSNPxrI4.exe | malicious | Unknown | 185.199.108.133
FASTLYUS | https://postoffice.adobe.com/po-server/link/redirect?target=eyJhbGciOiJIUzUxMiJ9.eyJ0ZW1wbGF0ZSI6ImNjX2NvbGxhYl9kY3NoYXJpbmdfdmlld19lbWFpbCIsImVtYWlsQWRkcmVzcyI6ImJyaWFuLmh1dGNoaW5zQHJpdmVycm9jay5jb20iLCJyZXF1ZXN0SWQiOiJhYzIxMDNjZS03NDZkLTRmMTctNjBkYi00MzM5OWU3NzU5NGEiLCJsaW5rIjoiaHR0cHM6Ly9hY3JvYmF0LmFkb2JlLmNvbS9pZC91cm46YWFpZDpzYzpWQTZDMjplOTgwMjRmZi03NGRmLTRlNjctYjJkZi0wNWY0NTk4MTc4OWUiLCJsYWJlbCI6IjExIiwibG9jYWxlIjoicHRfQlIifQ.GzFDC4sqpVLEAHwIPLSleF4_d0iUGb4--dg-spPTHWsUGjt086-aN6bs1cEm-BfvTqQu97RqT5NU-RFwvTkvTA | malicious | Unknown | 151.101.1.138
FASTLYUS | Invoice for 04-09-24 fede39.admr.org.html | malicious | Unknown | 151.101.1.229
FASTLYUS | https://alphaarchitect.com/2024/12/long-term-expected-returns/ | malicious | Unknown | 199.232.168.157
FASTLYUS | Ocean-T2I4I8O9.exe | malicious | Unknown | 185.199.108.153
FASTLYUS | https://click.pstmrk.it/3s/veed.io%2Fshare-video-link%3Ftoken%3DeyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJleHAiOjE3MzQ2MzE2NDgsImlhdCI6MTczNDYzMDc0OCwic3ViIjoiZmY0NTdiM2MtYjI3MC00YzA0LWEwOTEtYjY3ZDJkOGQ3ZTU1Iiwicm9sZXMiOltdLCJraWQiOiJwcm9qZWN0cy92ZWVkLXByb2Qtc2VydmVyL2xvY2F0aW9ucy9ldXJvcGUtd2VzdDEva2V5UmluZ3MvdmVlZC1wcm9kLWtleXJpbmcvY3J5cHRvS2V5cy92ZWVkLXByb2QtandrLWtleS9jcnlwdG9LZXlWZXJzaW9ucy8xIiwiZmVhdHVyZXMiOnt9LCJzY29wZXMiOltdfQ.f-EtSCYYeQiR4cEb8w5ABF3koXpbxl8QeFIarADkLP6q32DzsnFZl76Y98Uad7M8RBPPuOQOV9SUbCY1hRa4IbqV9_4cTm0v7DuBTCKOZbHN1NiATZOGw2BzdEMqIEfnNo5A_H2_DLVQZLtd6sZzcRoNBzbmcq2_xlzWgmqIErGV0VYXIb-Vac1b-3wmAgIyE-VS7Cd5aHYtVyiV9T5HfrpjPl7-M6dLIaQqm6103z7gO_qoKow1qbFmNgGaUsQED1CHbqo-hCgXzib7NToyu0Qq4kSl-2NEzgLMKy1zFR2J0E0vr9FHirjR9fmmDF2nk76Ht8L2WbV-dRyXZBZaUikfojo56vYWI9cfSQrG_awuFNR0M1s6dpPwumDM8sXlMZYt4u5WZaNcRZynPHXeqNZcdwKhlZrFN0U3B3U7B69avz_FlMxw6Or_0aeJkUP5YZP3wH-IIbwwa6es37u8G7gWYINEfp-pJlKV7klV1CcskLf_53iNx7MtxgvAXLMNZJ2tnuxY8W6w_E-pchjpNP2I5NV2Ui2_bNSgl3kBuX3oWsX0m_wL3MZ39pE3paPp2FAIgQPpZ5a0BhmPYsMk2IPPel2dll8j1IYBwHsZ5a1IHsHA6gTMWkJl-uhAjN4mnXo7Om0NWRZvfFvatgA4YCoTXdntM31GIZxAyWF9a14%26postLoginUrl%3D%252Fview%252F3ab9b7be-178c-4289-b29e-75921856f7f5%252F/oMlP/0SC6AQ/AQ/15f5e010-d260-490a-9e5d-79f5643b5481/1/HSOO9aL291 | malicious | Unknown | 199.232.168.157
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | 58VSNPxrI4.exe | malicious | Unknown | 34.117.59.81
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, zgRAT | 34.117.188.166
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar | 34.117.188.166
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | ghostspider.7z | malicious | Unknown | 34.117.188.166
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Vidar | 34.117.188.166
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | https://pdf.ac/3eQ2md | malicious | HTMLPhisher, Tycoon2FA | 34.117.39.58
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | http://112.31.189.32:40158 | malicious | Mirai | 34.117.121.53
GOOGLE-AS-APGoogleAsiaPacificPteLtdSG | file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar |
                                                                                                                                                                                                                                                                                                                                                    • 34.117.188.166
                                                                                                                                                                                                                                                                                                                                                    arm7.nn.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                                                                                                                                                                                    • 34.67.216.185
                                                                                                                                                                                                                                                                                                                                                    ATGS-MMD-ASUSmniscreenthinkinggoodforentiretimegoodfotbusubessthings.htaGet hashmaliciousCobalt StrikeBrowse
                                                                                                                                                                                                                                                                                                                                                    • 57.129.55.225
                                                                                                                                                                                                                                                                                                                                                    nshmpsl.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                                    • 51.173.247.160
                                                                                                                                                                                                                                                                                                                                                    nsharm5.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                                    • 34.0.71.142
                                                                                                                                                                                                                                                                                                                                                    nshsh4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                                    • 48.200.113.249
                                                                                                                                                                                                                                                                                                                                                    SWIFT.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                    • 57.129.55.225
                                                                                                                                                                                                                                                                                                                                                    hmips.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                                    • 51.238.254.102
                                                                                                                                                                                                                                                                                                                                                    SWIFT.xlsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                                                    • 57.129.55.225
                                                                                                                                                                                                                                                                                                                                                    arm7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                                    • 57.50.158.22
                                                                                                                                                                                                                                                                                                                                                    nsharm.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                                                    • 33.241.131.44
Match: fb0aa01abe9d8e4037eb3473ca6e2dca
Associated Sample Name / URL | Detection | Threat Name | Context
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, zgRAT | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91
ghostspider.7z | malicious | Unknown | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, PureLog Stealer, Stealc, Vidar | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91
file.exe | malicious | LummaC, Amadey, Credential Flusher, LummaC Stealer, Stealc, Xmrig | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91
file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, PureLog Stealer, Stealc | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91
do.ps1 | malicious | Unknown | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91
https://walli.shanga.co/image/view/?id=1375 | malicious | Unknown | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91
tightvnc-2.8.59-gpl-setup-64bit.msi | malicious | Unknown | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91
kjDPynh9vQ.exe | malicious | Credential Flusher | 35.244.181.201, 34.149.100.209, 34.160.144.191, 34.120.208.123, 151.101.1.91
Match: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\bhsw2cld.default-release\gmp-gmpopenh264\1.8.1.2\gmpopenh264.dll (copy)

Associated Sample Name / URL | Detection | Threat Name
ghostspider.7z | malicious | Unknown
do.ps1 | malicious | Unknown
https://walli.shanga.co/image/view/?id=1375 | malicious | Unknown
tightvnc-2.8.59-gpl-setup-64bit.msi | malicious | Unknown
kjDPynh9vQ.exe | malicious | Credential Flusher
kjDPynh9vQ.exe | malicious | Credential Flusher
fNlxQP0jBz.exe | malicious | Credential Flusher
LbgqLv7gT7.exe | malicious | Credential Flusher
fNlxQP0jBz.exe | malicious | Credential Flusher
Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 8056
Entropy (8bit): 5.175976301080152
Encrypted: false
SSDEEP: 192:JLKMXMOhcbhbVbTbfbRbObtbyEl7nArIJA6unSrDtTkdBSlx:JLPVcNhnzFSJgr71nSrDhkdBux
MD5: 3C8A3BF466C4AF5904C26CF1C5998A17
SHA1: DE178AD6794ECDD146BD2EEBB9F7559E675ABBF6
SHA-256: 5D3337CBD47302ED6395E3C80BC88C01CEAA3FCE196A51A7F0F756E892E946C8
SHA-512: 23147E1F53412CA6D9D5FFAC9C81258C21FEA0B9634D1CDC14A5C6CF309BEA6402205E69FB46C7E1DCF91A8A5E248C29462E06D4259D039ACAA75108C8549EAC
Malicious: false
Preview: {"type":"uninstall","id":"7a7f4920-b438-4cac-8a15-6a9672b0b8ae","creationDate":"2024-12-20T17:11:08.265Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"73d066a5-c100-48bf-b029-480dc6f75d78","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: JSON data
Category: dropped
Size (bytes): 8056
Entropy (8bit): 5.175976301080152
Encrypted: false
SSDEEP: 192:JLKMXMOhcbhbVbTbfbRbObtbyEl7nArIJA6unSrDtTkdBSlx:JLPVcNhnzFSJgr71nSrDhkdBux
MD5: 3C8A3BF466C4AF5904C26CF1C5998A17
SHA1: DE178AD6794ECDD146BD2EEBB9F7559E675ABBF6
SHA-256: 5D3337CBD47302ED6395E3C80BC88C01CEAA3FCE196A51A7F0F756E892E946C8
SHA-512: 23147E1F53412CA6D9D5FFAC9C81258C21FEA0B9634D1CDC14A5C6CF309BEA6402205E69FB46C7E1DCF91A8A5E248C29462E06D4259D039ACAA75108C8549EAC
Malicious: false
Preview: {"type":"uninstall","id":"7a7f4920-b438-4cac-8a15-6a9672b0b8ae","creationDate":"2024-12-20T17:11:08.265Z","version":4,"application":{"architecture":"x86-64","buildId":"20230927232528","name":"Firefox","version":"118.0.1","displayVersion":"118.0.1","vendor":"Mozilla","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","channel":"release"},"payload":{"otherInstalls":0},"clientId":"73d066a5-c100-48bf-b029-480dc6f75d78","environment":{"build":{"applicationId":"{ec8030f7-c20a-464f-9b0e-13a3a9e97384}","applicationName":"Firefox","architecture":"x86-64","buildId":"20230927232528","version":"118.0.1","vendor":"Mozilla","displayVersion":"118.0.1","platformVersion":"118.0.1","xpcomAbi":"x86_64-msvc","updaterAvailable":true},"partner":{"distributionId":null,"distributionVersion":null,"partnerId":null,"distributor":null,"distributorChannel":null,"partnerNames":[]},"system":{"memoryMB":8191,"virtualMaxMB":134217728,"cpu":{"isWindowsSMode":false,"count":4,"cores":2,"vendor":"GenuineIntel","name":"I

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: ISO Media, MP4 Base Media v1 [ISO 14496-12:2003]
Category: dropped
Size (bytes): 32768
Entropy (8bit): 0.4593089050301797
Encrypted: false
SSDEEP: 48:9SP0nUgwyZXYI65yFRX2D3GNTTfyn0Mk1iA:9SDKaIjo3UzyE1L
MD5: D910AD167F0217587501FDCDB33CC544
SHA1: 2F57441CEFDC781011B53C1C5D29AC54835AFC1D
SHA-256: E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81
SHA-512: F1871BF28FF25EE52BDB99C7A80AB715C7CAC164DCD2FD87E681168EE927FD2C5E80E03C91BB638D955A4627213BF575FF4D9EECAEDA7718C128CF2CE8F7CB3D
Malicious: false
Preview: ... ftypisom....isomiso2avc1mp41....free....mdat..........E...H..,. .#..x264 - core 152 r2851 ba24899 - H.264/MPEG-4 AVC codec - Copyleft 2003-2017 - http://www.videolan.org/x264.html - options: cabac=1 ref=3 deblock=1:0:0 analyse=0x3:0x113 me=hex subme=7 psy=1 psy_rd=1.00:0.00 mixed_ref=1 me_range=16 chroma_me=1 trellis=1 8x8dct=1 cqm=0 deadzone=21,11 fast_pskip=1 chroma_qp_offset=-2 threads=4 lookahead_threads=1 sliced_threads=0 nr=0 decimate=1 interlaced=0 bluray_compat=0 constrained_intra=0 bframes=3 b_pyramid=2 b_adapt=1 b_bias=0 direct=1 weightb=1 open_gop=0 weightp=2 keyint=250 keyint_min=25 scenecut=40 intra_refresh=0 rc_lookahead=40 rc=crf mbtree=1 crf=23.0 qcomp=0.60 qpmin=0 qpmax=69 qpstep=4 ip_ratio=1.40 aq=1:1.00......e...+...s|.kG3...'.u.."...,J.w.~.d\..(K....!.+..;....h....(.T.*...M......0..~L..8..B..A.y..R..,.zBP.';j.@.].w..........c......C=.'f....gI.$^.......m5V.L...{U..%V[....8......B..i..^,....:...,..5.m.%dA....moov...lmvhd...................(...........

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: Zip archive data, at least v2.0 to extract, compression method=deflate
Category: dropped
Size (bytes): 453023
Entropy (8bit): 7.997718157581587
Encrypted: true
SSDEEP: 12288:tESTeqTI2r4ZbCgUKWKNeRcPMb6qlV7hVZe3:tEsed2Xh9/bdzZe3
MD5: 85430BAED3398695717B0263807CF97C
SHA1: FFFBEE923CEA216F50FCE5D54219A188A5100F41
SHA-256: A9F4281F82B3579581C389E8583DC9F477C7FD0E20C9DFC91A2E611E21E3407E
SHA-512: 06511F1F6C6D44D076B3C593528C26A602348D9C41689DBF5FF716B671C3CA5756B12CB2E5869F836DEDCE27B1A5CFE79B93C707FD01F8E84B620923BB61B5F1
Malicious: false
Preview: PK.........bN...R..........gmpopenh264.dll..|.E.0.=..I.....1....4f1q.`.........q.....'+....h*m{.z..o_.{w........$..($A!...|L...B&A2.s.{..Dd......c.U.U..9u.S...K.l`...../.d.-....|.....&....9......wn..x......i.#O.+.Y.l......+....,3.3f..\..c.SSS,............N...GG...F.'.&.:'.K.Z&.>.@.g..M...M.`...*.........ZR....^jg.G.Kb.o~va.....<Z..1.#.O.e.....D..X..i..$imBW..Q&.......P.....,M.,..:.c...-...\......*.....-i.K.I..4.a..6..*...Ov=...W..F.CH.>...a.'.x...#@f...d..u.1....OV.1o}....g.5.._.3.J.Hi.Z.ipM....b.Z....%.G..F................/..3.q..J.....o...%.g.N.*.}..).3.N%.!..q*........^I.m..~...6.#.~+.....A...I]r...x..*.<IYj....p0..`S.M@.E..f.=.;!.@.....E..E....... .0.n....Jd..d......uM.-.qI.lR..z..=}..r.D.XLZ....x.$..|c.1.cUkM.&.Qn]..a]t.h..*.!.6 7..Jd.DvKJ"Wgd*%n...w...Jni.inmr.@M.$'Z.s....#)%..Rs..:.h....R....\..t.6..'.g.........Uj+F.cr:|..!..K.W.Y...17......,....r.....>.N..3.R.Y.._\...Ir.DNJdM... .k...&V-....z.%...-...D..i..&...6....7.2T).>..0..%.&.

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: data
Category: dropped
Size (bytes): 5488
Entropy (8bit): 3.3186501036667937
Encrypted: false
SSDEEP: 24:AvdfDUAGTIUx2dWoM15XLN8zm7vdfDUAGswM+bpoqdWoM15XLFX1Rgm9vdfDUAGd:SdX/UgdwszgdXJ6Bdw82dXpadwe1
MD5: 552E384F04A07A30F170D82175ED2C75
SHA1: 1C3FF045565A3481B1963A377DA60391E38244B5
SHA-256: 1091833C8F63844E3D6CCC921DB8829BA63C3C7DFFB835D43B576C8E92B602D4
SHA-512: FACD237E7FCDAA7AD0A69ABABA4253442934DA5E22551829B8AFBCA9FC0BB58DA248CF947E36DC0B636BA9BFD13960B959C5E3B18DAD2EB1E303A349E83347C7
Malicious: false
Preview: ...................................FL..................F.@.. ...p.......D...R..........S...........................P.O. .:i.....+00.../C:\.....................1.....EWXX..PROGRA~1..t......O.I.Y".....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....CW.X..MOZILL~1..P......CW}W.Y".............................>.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.....b.2..S..<W,. .firefox.exe.H......CW}W.Y!...............................f.i.r.e.f.o.x...e.x.e.......[...............-.......Z........... .......C:\Program Files\Mozilla Firefox\firefox.exe....O.p.e.n. .a. .n.e.w. .b.r.o.w.s.e.r. .t.a.b.....-.n.e.w.-.t.a.b. .a.b.o.u.t.:.b.l.a.n.k.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.\.f.i.r.e.f.o.x...e.x.e.........%ProgramFiles%\Mozilla Firefox\firefox.exe................................................................................................................................................................................

Process: C:\Program Files\Mozilla Firefox\firefox.exe
File Type: data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):5488
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.3186501036667937
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:AvdfDUAGTIUx2dWoM15XLN8zm7vdfDUAGswM+bpoqdWoM15XLFX1Rgm9vdfDUAGd:SdX/UgdwszgdXJ6Bdw82dXpadwe1
                                                                                                                                                                                                                                                                                                                                                                      MD5:552E384F04A07A30F170D82175ED2C75
                                                                                                                                                                                                                                                                                                                                                                      SHA1:1C3FF045565A3481B1963A377DA60391E38244B5
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:1091833C8F63844E3D6CCC921DB8829BA63C3C7DFFB835D43B576C8E92B602D4
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:FACD237E7FCDAA7AD0A69ABABA4253442934DA5E22551829B8AFBCA9FC0BB58DA248CF947E36DC0B636BA9BFD13960B959C5E3B18DAD2EB1E303A349E83347C7
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:...................................FL..................F.@.. ...p.......D...R..........S...........................P.O. .:i.....+00.../C:\.....................1.....EWXX..PROGRA~1..t......O.I.Y".....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....CW.X..MOZILL~1..P......CW}W.Y".............................>.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.....b.2..S..<W,. .firefox.exe.H......CW}W.Y!...............................f.i.r.e.f.o.x...e.x.e.......[...............-.......Z........... .......C:\Program Files\Mozilla Firefox\firefox.exe....O.p.e.n. .a. .n.e.w. .b.r.o.w.s.e.r. .t.a.b.....-.n.e.w.-.t.a.b. .a.b.o.u.t.:.b.l.a.n.k.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.\.f.i.r.e.f.o.x...e.x.e.........%ProgramFiles%\Mozilla Firefox\firefox.exe................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                                                                                      Category:modified
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):5488
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.3186501036667937
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:AvdfDUAGTIUx2dWoM15XLN8zm7vdfDUAGswM+bpoqdWoM15XLFX1Rgm9vdfDUAGd:SdX/UgdwszgdXJ6Bdw82dXpadwe1
                                                                                                                                                                                                                                                                                                                                                                      MD5:552E384F04A07A30F170D82175ED2C75
                                                                                                                                                                                                                                                                                                                                                                      SHA1:1C3FF045565A3481B1963A377DA60391E38244B5
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:1091833C8F63844E3D6CCC921DB8829BA63C3C7DFFB835D43B576C8E92B602D4
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:FACD237E7FCDAA7AD0A69ABABA4253442934DA5E22551829B8AFBCA9FC0BB58DA248CF947E36DC0B636BA9BFD13960B959C5E3B18DAD2EB1E303A349E83347C7
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:...................................FL..................F.@.. ...p.......D...R..........S...........................P.O. .:i.....+00.../C:\.....................1.....EWXX..PROGRA~1..t......O.I.Y".....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....CW.X..MOZILL~1..P......CW}W.Y".............................>.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.....b.2..S..<W,. .firefox.exe.H......CW}W.Y!...............................f.i.r.e.f.o.x...e.x.e.......[...............-.......Z........... .......C:\Program Files\Mozilla Firefox\firefox.exe....O.p.e.n. .a. .n.e.w. .b.r.o.w.s.e.r. .t.a.b.....-.n.e.w.-.t.a.b. .a.b.o.u.t.:.b.l.a.n.k.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.\.f.i.r.e.f.o.x...e.x.e.........%ProgramFiles%\Mozilla Firefox\firefox.exe................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):5488
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.3186501036667937
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:AvdfDUAGTIUx2dWoM15XLN8zm7vdfDUAGswM+bpoqdWoM15XLFX1Rgm9vdfDUAGd:SdX/UgdwszgdXJ6Bdw82dXpadwe1
                                                                                                                                                                                                                                                                                                                                                                      MD5:552E384F04A07A30F170D82175ED2C75
                                                                                                                                                                                                                                                                                                                                                                      SHA1:1C3FF045565A3481B1963A377DA60391E38244B5
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:1091833C8F63844E3D6CCC921DB8829BA63C3C7DFFB835D43B576C8E92B602D4
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:FACD237E7FCDAA7AD0A69ABABA4253442934DA5E22551829B8AFBCA9FC0BB58DA248CF947E36DC0B636BA9BFD13960B959C5E3B18DAD2EB1E303A349E83347C7
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:...................................FL..................F.@.. ...p.......D...R..........S...........................P.O. .:i.....+00.../C:\.....................1.....EWXX..PROGRA~1..t......O.I.Y".....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....h.1.....CW.X..MOZILL~1..P......CW}W.Y".............................>.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.....b.2..S..<W,. .firefox.exe.H......CW}W.Y!...............................f.i.r.e.f.o.x...e.x.e.......[...............-.......Z........... .......C:\Program Files\Mozilla Firefox\firefox.exe....O.p.e.n. .a. .n.e.w. .b.r.o.w.s.e.r. .t.a.b.....-.n.e.w.-.t.a.b. .a.b.o.u.t.:.b.l.a.n.k.,.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.M.o.z.i.l.l.a. .F.i.r.e.f.o.x.\.f.i.r.e.f.o.x...e.x.e.........%ProgramFiles%\Mozilla Firefox\firefox.exe................................................................................................................................................................................
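The four entries above are Windows Shell Link (.lnk) files written by firefox.exe: the preview opens with the 0x4C header size ("L"), the target is firefox.exe, and the readable UTF-16 runs are the shortcut's StringData fields in spec order (name "Open a new browser tab", arguments "-new-tab about:blank", icon location "C:\Program Files\Mozilla Firefox\firefox.exe"; the "," printed just before that path is the field's 2-byte character count, 44 = 0x2C), followed by an EnvironmentVariableDataBlock carrying "%ProgramFiles%\Mozilla Firefox\firefox.exe". The report marks them Malicious:false. When a sandbox run drops shortcuts it is the arguments field that matters for triage, because a malicious .lnk usually targets a legitimate binary and hides the payload in its command line. The script below is an added example, not Joe Sandbox or Mozilla code: it builds a minimal .lnk from the strings visible in the preview (constructed bytes, not the report's file), parses it back following MS-SHLLINK, computes the same 8-bit entropy figure the report shows, and applies a small interpreter/LOLBin keyword heuristic that is an assumption of this example, not a rule from the report.

```python
# Added example (not from the report). Sample shortcut bytes are constructed below.
import math
import struct
from collections import Counter

# LinkFlags bits (MS-SHLLINK 2.1.1)
HAS_LINK_TARGET_IDLIST = 0x01
HAS_LINK_INFO = 0x02
HAS_NAME = 0x04
HAS_RELATIVE_PATH = 0x08
HAS_WORKING_DIR = 0x10
HAS_ARGUMENTS = 0x20
HAS_ICON_LOCATION = 0x40
IS_UNICODE = 0x80
# {00021401-0000-0000-C000-000000000046} as stored on disk (Data1..Data3 little-endian)
LINK_CLSID = bytes.fromhex("0114020000000000c000000000000046")
ENV_VAR_BLOCK_SIG = 0xA0000001  # EnvironmentVariableDataBlock (MS-SHLLINK 2.5.4)
# Heuristic keyword list (assumption of this example): script hosts and LOLBins
SUSPICIOUS_ARG_TOKENS = ("powershell", "cmd.exe", "cmd /", "mshta", "wscript",
                         "cscript", "rundll32", "regsvr32", "certutil", "bitsadmin")


def shannon_entropy_8bit(data: bytes) -> float:
    """Same measure as the report's 'Entropy (8bit)': bits per byte, 0.0 .. 8.0."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def build_shortcut(name: str, arguments: str, icon_location: str, env_target: str) -> bytes:
    """Constructed minimal .lnk: header, three StringData fields, one env-var block, terminal block."""
    flags = HAS_NAME | HAS_ARGUMENTS | HAS_ICON_LOCATION | IS_UNICODE
    header = struct.pack("<I", 0x4C) + LINK_CLSID + struct.pack("<I", flags)
    header += b"\x00" * (0x4C - len(header))  # attrs, timestamps, size, icon idx, showcmd, hotkey, reserved

    def string_data(s: str) -> bytes:  # CountCharacters (uint16) + UTF-16LE chars, no terminator
        return struct.pack("<H", len(s)) + s.encode("utf-16-le")

    body = string_data(name) + string_data(arguments) + string_data(icon_location)
    env_block = (struct.pack("<II", 0x314, ENV_VAR_BLOCK_SIG)
                 + env_target.encode("ascii").ljust(260, b"\x00")       # TargetAnsi
                 + env_target.encode("utf-16-le").ljust(520, b"\x00"))  # TargetUnicode
    return header + body + env_block + struct.pack("<I", 0)  # TerminalBlock


def parse_shortcut(blob: bytes) -> dict:
    """Walk header -> (IDList) -> (LinkInfo) -> StringData -> ExtraData; return the string fields."""
    if len(blob) < 0x4C or struct.unpack_from("<I", blob, 0)[0] != 0x4C or blob[4:20] != LINK_CLSID:
        raise ValueError("not a Shell Link file")
    flags = struct.unpack_from("<I", blob, 0x14)[0]
    pos = 0x4C
    if flags & HAS_LINK_TARGET_IDLIST:  # IDListSize (uint16) + items; skipped here
        pos += 2 + struct.unpack_from("<H", blob, pos)[0]
    if flags & HAS_LINK_INFO:  # LinkInfoSize (uint32) covers the whole structure
        pos += struct.unpack_from("<I", blob, pos)[0]
    unicode = bool(flags & IS_UNICODE)
    info = {"flags": flags}
    for flag, key in ((HAS_NAME, "name"), (HAS_RELATIVE_PATH, "relative_path"),
                      (HAS_WORKING_DIR, "working_dir"), (HAS_ARGUMENTS, "arguments"),
                      (HAS_ICON_LOCATION, "icon_location")):
        if not flags & flag:
            continue
        count = struct.unpack_from("<H", blob, pos)[0]
        pos += 2
        nbytes = count * 2 if unicode else count
        raw = blob[pos:pos + nbytes]
        if len(raw) != nbytes:
            raise ValueError(f"truncated StringData field {key}")
        info[key] = raw.decode("utf-16-le" if unicode else "cp1252")
        pos += nbytes
    while pos + 8 <= len(blob):  # ExtraData blocks: BlockSize, BlockSignature, data
        size, sig = struct.unpack_from("<II", blob, pos)
        if size < 8 or pos + size > len(blob):  # TerminalBlock (size < 4) or malformed length
            break
        if sig == ENV_VAR_BLOCK_SIG and size == 0x314:
            uni = blob[pos + 8 + 260: pos + 8 + 260 + 520]
            info["env_target"] = uni.decode("utf-16-le").split("\x00", 1)[0]
        pos += size
    return info


def suspicious_arguments(info: dict) -> bool:
    """Heuristic only: flag shortcuts whose arguments invoke a script host or LOLBin."""
    args = info.get("arguments", "").lower()
    return any(tok in args for tok in SUSPICIOUS_ARG_TOKENS)


def demo() -> dict:
    """Rebuild a shortcut with the strings visible in the report's preview and parse it back."""
    blob = build_shortcut("Open a new browser tab", "-new-tab about:blank",
                          r"C:\Program Files\Mozilla Firefox\firefox.exe",
                          r"%ProgramFiles%\Mozilla Firefox\firefox.exe")
    info = parse_shortcut(blob)
    info["entropy"] = round(shannon_entropy_8bit(blob), 3)
    info["suspicious"] = suspicious_arguments(info)
    return info


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Run it as a script or import it and call `parse_shortcut(open(path, "rb").read())` on a real dropped .lnk; the parser skips the LinkTargetIDList and LinkInfo structures it does not need, so it also handles shortcuts that carry them. The keyword check is deliberately crude: a real triage rule should also look at the target path, the arguments length (legitimate shortcuts rarely pad the command line with hundreds of spaces) and whether the writing process is the application the shortcut points at, as it is here.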
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):6150
Entropy (8bit):4.938168363770426
Encrypted:false
SSDEEP:192:dLFS+OuPUkOdwiOdEiooslH5jV/ZiwBhZ0Xj3LZp8P:HFMXihslH5jVhiwBrj
MD5:8A6EE3556055AF492DC1A7E075445391
SHA1:0372DD3BA5D06D0ECFA13946C917D3734E70ECD8
SHA-256:883FCF1E7707EACCA289682F57C024A989E35DD12E3329147B39084F9851E2D0
SHA-512:F994FD8CF2730B8BDF4566A18137C808353043BE959FD226EA207315E7984CF7FDF1B52CFCA498E45328C04CC7562F372BEE8416112F063B9F230A407BC3EF47
Malicious:false
Preview:{"bookmarks-toolbar-default-on":{"slug":"bookmarks-toolbar-default-on","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{},"enabled":true,"featureId":"bookmarks"}]},"active":true,"enrollmentId":"7bc86eac-c05c-4545-a5e5-03a2503c064a","experimentType":"nimbus","source":"rs-loader","userFacingName":"Bookmarks Toolbar Default On","userFacingDescription":"An experiment that turns the bookmarks toolbar on by default.","lastSeen":"2023-10-05T10:58:21.623Z","featureIds":["bookmarks"],"prefs":[],"isRollout":false},"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"cd0a25e7-ded7-4f19-86ce-bb010938a092","experimentType":"r
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):6150
Entropy (8bit):4.938168363770426
Encrypted:false
SSDEEP:192:dLFS+OuPUkOdwiOdEiooslH5jV/ZiwBhZ0Xj3LZp8P:HFMXihslH5jVhiwBrj
MD5:8A6EE3556055AF492DC1A7E075445391
SHA1:0372DD3BA5D06D0ECFA13946C917D3734E70ECD8
SHA-256:883FCF1E7707EACCA289682F57C024A989E35DD12E3329147B39084F9851E2D0
SHA-512:F994FD8CF2730B8BDF4566A18137C808353043BE959FD226EA207315E7984CF7FDF1B52CFCA498E45328C04CC7562F372BEE8416112F063B9F230A407BC3EF47
Malicious:false
Preview:{"bookmarks-toolbar-default-on":{"slug":"bookmarks-toolbar-default-on","branch":{"slug":"control","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{},"enabled":true,"featureId":"bookmarks"}]},"active":true,"enrollmentId":"7bc86eac-c05c-4545-a5e5-03a2503c064a","experimentType":"nimbus","source":"rs-loader","userFacingName":"Bookmarks Toolbar Default On","userFacingDescription":"An experiment that turns the bookmarks toolbar on by default.","lastSeen":"2023-10-05T10:58:21.623Z","featureIds":["bookmarks"],"prefs":[],"isRollout":false},"csv-import-release-rollout":{"slug":"csv-import-release-rollout","branch":{"slug":"enable-csv-import","ratio":1,"feature":{"value":{},"enabled":false,"featureId":"this-is-included-for-desktop-pre-95-support"},"features":[{"value":{"csvImport":true},"enabled":true,"featureId":"cm-csv-import"}]},"active":true,"enrollmentId":"cd0a25e7-ded7-4f19-86ce-bb010938a092","experimentType":"r
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 22422 bytes
Category:dropped
Size (bytes):5317
Entropy (8bit):6.6001890334338125
Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:96:z2YbKsKNU2xWrp327tGmD4wBON6h6cHAHJVauvjZHjkTymdS1/qTMg6q+m:zTx2x2t0FDJ4NpkuvjdeplTMHm
                                                                                                                                                                                                                                                                                                                                                                      MD5:BB43EF1E7A5E32AB89416BF2B4856129
                                                                                                                                                                                                                                                                                                                                                                      SHA1:FB32DEEB5BAC138A427FFD4728327A68E18FAD82
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:FFA8720630B79E63B854F6EB1C17BFEC588294DF4C87EACC2FF1DC80DDC7CF0A
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:AA1CC532C583C70EA2332E19D261B3CE13C159B11DBC0D7DD9BE38594BE6060A30929ECA0B1938498A5A271BE4772E78B75CB9BD4D52D33DE094182DF52DCB10
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:mozLz40..W....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:Mozilla lz4 compressed data, originally 22422 bytes
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):5317
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.6001890334338125
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:96:z2YbKsKNU2xWrp327tGmD4wBON6h6cHAHJVauvjZHjkTymdS1/qTMg6q+m:zTx2x2t0FDJ4NpkuvjdeplTMHm
                                                                                                                                                                                                                                                                                                                                                                      MD5:BB43EF1E7A5E32AB89416BF2B4856129
                                                                                                                                                                                                                                                                                                                                                                      SHA1:FB32DEEB5BAC138A427FFD4728327A68E18FAD82
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:FFA8720630B79E63B854F6EB1C17BFEC588294DF4C87EACC2FF1DC80DDC7CF0A
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:AA1CC532C583C70EA2332E19D261B3CE13C159B11DBC0D7DD9BE38594BE6060A30929ECA0B1938498A5A271BE4772E78B75CB9BD4D52D33DE094182DF52DCB10
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:mozLz40..W....{"app-system-defaults":{"addon....formautofill@mozilla.org&..Gdependencies":[],"enabled":true,"lastModifiedTime":1695865283000,"loader":null,"path":s.....xpi","recommendationStateA...rootURI":"jar:file:///C:/Program%20Files/M.......refox/browser/features/...... !/...unInSafeMode..wsignedD...telemetryKey..7%40R...:1.0.1","version":"..`},"pic..#in.....T.n..w...........S.......(.[......0....0"},"screenshots..T.r.....[.......(.V....-39.......},"webcompat-reporter...Ofals..&.z.....[.......(.]....=1.5.............<.)....p....d......1.z.!18...5.....startupData...pX.astentL..!er...webRequest%..onBefore...[[{"incognitoi.UtabId..!yp...."main_frame"],"url...."*://login.microsoftonline.com/*","..@us/*L.dwindows...},["blocking"]],...Iimag...https://smartT.".f.....etp/facebook.svg",...Aplay*....8`script...P.....-....-testbed.herokuapp\.`shims_..3.jsh.bexampl|.......Pexten{..Q../?..s...S.J/_2..@&_3U..s7.addthis . ic...officialK......-angularjs/current/dist(..t.min.js...track.adB...net/s
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                                      MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                                      SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"schema":6,"addons":[]}
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:JSON data
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):24
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):3.91829583405449
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:YWGifTJE6iHQ:YWGif9EE
                                                                                                                                                                                                                                                                                                                                                                      MD5:3088F0272D29FAA42ED452C5E8120B08
                                                                                                                                                                                                                                                                                                                                                                      SHA1:C72AA542EF60AFA3DF5DFE1F9FCC06C0B135BE23
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:D587CEC944023447DC91BC5F71E2291711BA5ADD337464837909A26F34BC5A06
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:B662414EDD6DEF8589304904263584847586ECCA0B0E6296FB3ADB2192D92FB48697C99BD27C4375D192150E3F99102702AF2391117FFF50A9763C74C193D798
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:{"schema":6,"addons":[]}
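The records above list, for every dropped file, its size, 8-bit entropy, MD5/SHA-1/SHA-256/SHA-512 and a preview, and several of them are Firefox "mozLz4" files whose preview is unreadable because only the 12-byte header is plain text. The following Python, added here as an illustration and not part of the Joe Sandbox report, recomputes those record fields for a local copy of a dropped file and decodes the mozLz4 container (8-byte `mozLz40\0` magic, 4-byte little-endian decompressed size, one raw LZ4 block) with the bounds checks you want when the input is attacker-influenced. The 24-byte JSON content is copied from the record immediately above; the two mozLz4 blobs are hand-built test data, and the `MAX_DECOMPRESSED` cap is an assumed limit, not something the report specifies.

```python
import hashlib
import math
import struct

# Content of the 24-byte JSON record above (copied from its Preview field).
EXTENSIONS_JSON = b'{"schema":6,"addons":[]}'
REPORT_MD5 = "3088F0272D29FAA42ED452C5E8120B08"  # MD5 the report lists for that file

MOZLZ4_MAGIC = b"mozLz40\0"
MAX_DECOMPRESSED = 64 * 1024 * 1024  # assumed sanity cap on the declared size


def shannon_entropy_8bit(data: bytes) -> float:
    """Bits per byte, the 'Entropy (8bit)' figure in the report (0.0 for empty input)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def describe(data: bytes) -> dict:
    """Recompute the size, entropy and hashes a dropped-file record lists."""
    return {
        "size": len(data),
        "entropy": shannon_entropy_8bit(data),
        "md5": hashlib.md5(data).hexdigest().upper(),
        "sha1": hashlib.sha1(data).hexdigest().upper(),
        "sha256": hashlib.sha256(data).hexdigest().upper(),
        "sha512": hashlib.sha512(data).hexdigest().upper(),
    }


def lz4_block_decompress(src: bytes, expected: int) -> bytes:
    """Minimal LZ4 block decoder; raises ValueError instead of over-reading or over-writing."""
    out = bytearray()
    i, n = 0, len(src)
    try:
        while i < n:
            token = src[i]; i += 1
            lit = token >> 4
            if lit == 15:                      # extended literal length (255-chunks)
                while True:
                    b = src[i]; i += 1
                    lit += b
                    if b != 255:
                        break
            if i + lit > n:
                raise ValueError("literal run exceeds input")
            out += src[i:i + lit]; i += lit
            if i >= n:                         # last sequence carries literals only
                break
            offset = src[i] | (src[i + 1] << 8); i += 2
            if offset == 0 or offset > len(out):
                raise ValueError("match offset outside decoded window")
            mlen = (token & 0x0F) + 4
            if (token & 0x0F) == 15:           # extended match length
                while True:
                    b = src[i]; i += 1
                    mlen += b
                    if b != 255:
                        break
            if len(out) + mlen > expected:
                raise ValueError("match overruns declared size")
            start = len(out) - offset
            for k in range(mlen):              # byte-wise copy so overlapping matches work
                out.append(out[start + k])
    except IndexError:
        raise ValueError("truncated LZ4 block") from None
    if len(out) != expected:
        raise ValueError(f"decoded {len(out)} bytes, header declared {expected}")
    return bytes(out)


def mozlz4_decompress(blob: bytes) -> bytes:
    """Parse the Firefox mozLz4 container and return the decompressed JSON bytes."""
    if len(blob) < 12 or blob[:8] != MOZLZ4_MAGIC:
        raise ValueError("not a mozLz4 file")
    (declared,) = struct.unpack("<I", blob[8:12])
    if declared > MAX_DECOMPRESSED:
        raise ValueError("declared size too large")
    return lz4_block_decompress(blob[12:], declared)


def mozlz4_literal_only(payload: bytes) -> bytes:
    """Constructed test data: wrap payload as a single literal-only LZ4 sequence."""
    n = len(payload)
    if n < 15:
        block = bytes([n << 4]) + payload
    else:
        rem = n - 15
        block = bytes([0xF0]) + bytes([255] * (rem // 255)) + bytes([rem % 255]) + payload
    return MOZLZ4_MAGIC + struct.pack("<I", n) + block


# Constructed blob with an overlapping back-reference: "abc" + 9-byte match at offset 3 + "XYZ".
MATCH_SAMPLE = (MOZLZ4_MAGIC + struct.pack("<I", 15)
                + bytes([0x35]) + b"abc" + bytes([0x03, 0x00]) + bytes([0x30]) + b"XYZ")

if __name__ == "__main__":
    fields = describe(EXTENSIONS_JSON)
    print(fields, "md5 matches report:", fields["md5"] == REPORT_MD5)
    print(mozlz4_decompress(mozlz4_literal_only(EXTENSIONS_JSON)))
    print(mozlz4_decompress(MATCH_SAMPLE))
```

To check a real dropped file, read it in binary mode and pass the bytes to `describe` (compare with the record) and, for `.lz4` files, to `mozlz4_decompress` before feeding the result to a JSON parser. The decoder deliberately trusts neither the declared size nor the match offsets, since a crafted profile file is one of the inputs a credential-stealing sample may leave behind or read.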
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, user version 5, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 8, cookie 0x6, schema 4, largest root page 8, UTF-8, vacuum mode 1, version-valid-for 5
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):262144
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.04905391753567332
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:DLivwae+Q8Uu50xj0aWe9LxYkKA25Q5tvAA:D6wae+QtMImelekKDa5
                                                                                                                                                                                                                                                                                                                                                                      MD5:DD9D28E87ED57D16E65B14501B4E54D1
                                                                                                                                                                                                                                                                                                                                                                      SHA1:793839B47326441BE2D1336BA9A61C9B948C578D
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:BB4E6C58C50BD6399ED70468C02B584595C29F010B66F864CD4D6B427FA365BC
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:A2626F6A3CBADE62E38DA5987729D99830D0C6AA134D4A9E615026A5F18ACBB11A2C3C80917DAD76DA90ED5BAA9B0454D4A3C2DD04436735E78C974BA1D035B1
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j......|....~.}.}z}-|.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 56 bytes
Category:dropped
Size (bytes):66
Entropy (8bit):4.837595020998689
Encrypted:false
SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
Malicious:false
Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 56 bytes
Category:dropped
Size (bytes):66
Entropy (8bit):4.837595020998689
Encrypted:false
SSDEEP:3:3fX/xH8IXl/I3v0lb7iioW:vXpH1RPXt
MD5:A6338865EB252D0EF8FCF11FA9AF3F0D
SHA1:CECDD4C4DCAE10C2FFC8EB938121B6231DE48CD3
SHA-256:078648C042B9B08483CE246B7F01371072541A2E90D1BEB0C8009A6118CBD965
SHA-512:D950227AC83F4E8246D73F9F35C19E88CE65D0CA5F1EF8CCBB02ED6EFC66B1B7E683E2BA0200279D7CA4B49831FD8C3CEB0584265B10ACCFF2611EC1CA8C0C6C
Malicious:false
Preview:mozLz40.8.....{"v":1,"crashes":{},"countsByDay....rruptDate":null}

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):36830
Entropy (8bit):5.1853922070675935
Encrypted:false
SSDEEP:768:YI4dvfBXf4H6J4/4nN4O4amoavf4w4lB484QS4S4T:Y9mtvq
MD5:A51B8E1B0ED704E954E172A7E926B5A6
SHA1:EE8C7A958C82763917A79E242C76932B887759D8
SHA-256:C4778491FA50712379FB7482F4D5F609EE0613A95E1ABCEDD9F6DE3302832C66
SHA-512:D81C254A47EBE59CF4943EA1100CD688B45257B2D20AEE59BC0A8251B3BF1894F85B80248FA60259DD051819B7C4B68182D0AFD30ADFAD311042B3F131C8AF25
Malicious:false
Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{8defec20-1d2a-4e92-a8ca-6ec63d483a92}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):36830
Entropy (8bit):5.1853922070675935
Encrypted:false
SSDEEP:768:YI4dvfBXf4H6J4/4nN4O4amoavf4w4lB484QS4S4T:Y9mtvq
MD5:A51B8E1B0ED704E954E172A7E926B5A6
SHA1:EE8C7A958C82763917A79E242C76932B887759D8
SHA-256:C4778491FA50712379FB7482F4D5F609EE0613A95E1ABCEDD9F6DE3302832C66
SHA-512:D81C254A47EBE59CF4943EA1100CD688B45257B2D20AEE59BC0A8251B3BF1894F85B80248FA60259DD051819B7C4B68182D0AFD30ADFAD311042B3F131C8AF25
Malicious:false
Preview:{"schemaVersion":35,"addons":[{"id":"formautofill@mozilla.org","syncGUID":"{8defec20-1d2a-4e92-a8ca-6ec63d483a92}","version":"1.0.1","type":"extension","loader":null,"updateURL":null,"installOrigins":null,"manifestVersion":2,"optionsURL":null,"optionsType":null,"optionsBrowserStyle":true,"aboutURL":null,"defaultLocale":{"name":"Form Autofill","creator":null,"developers":null,"translators":null,"contributors":null},"visible":true,"active":true,"userDisabled":false,"appDisabled":false,"embedderDisabled":false,"installDate":1695865283000,"updateDate":1695865283000,"applyBackgroundUpdates":1,"path":"C:\\Program Files\\Mozilla Firefox\\browser\\features\\formautofill@mozilla.org.xpi","skinnable":false,"sourceURI":null,"releaseNotesURI":null,"softDisabled":false,"foreignInstall":false,"strictCompatibility":true,"locales":[],"targetApplications":[{"id":"toolkit@mozilla.org","minVersion":null,"maxVersion":null}],"targetPlatforms":[],"signedDate":null,"seen":true,"dependencies":[],"incognito":"

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.017262956703125623
Encrypted:false
SSDEEP:3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:B7C14EC6110FA820CA6B65F5AEC85911
SHA1:608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:false
Preview:..-.....................................8...5.....-.....................................8...5.....................................................................................................................................................

Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
Category:dropped
Size (bytes):1021904
Entropy (8bit):6.648417932394748
Encrypted:false
SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
MD5:FE3355639648C417E8307C6D051E3E37
SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
Malicious:false
Antivirus:
• Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:
• Filename: ghostspider.7z, Detection: malicious, Browse
• Filename: do.ps1, Detection: malicious, Browse
• Filename: , Detection: malicious, Browse
• Filename: tightvnc-2.8.59-gpl-setup-64bit.msi, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: kjDPynh9vQ.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: kjDPynh9vQ.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: fNlxQP0jBz.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: LbgqLv7gT7.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      • Filename: fNlxQP0jBz.exe, Detection: malicious, Browse
                                                                                                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:PE32+ executable (DLL) (GUI) x86-64, for MS Windows
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):1021904
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):6.648417932394748
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12288:vYLdTfFKbNSjv92eFN+3wH+NYriA0Iq6lh6VawYIpAvwHN/Uf1h47HAfg1oet:vYLdTZ923NYrjwNpgwef1hzfg1x
                                                                                                                                                                                                                                                                                                                                                                      MD5:FE3355639648C417E8307C6D051E3E37
                                                                                                                                                                                                                                                                                                                                                                      SHA1:F54602D4B4778DA21BC97C7238FC66AA68C8EE34
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:1ED7877024BE63A049DA98733FD282C16BD620530A4FB580DACEC3A78ACE914E
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:8F4030BB2464B98ECCBEA6F06EB186D7216932702D94F6B84C56419E9CF65A18309711AB342D1513BF85AED402BC3535A70DB4395874828F0D35C278DD2EAC9C
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Antivirus:
                                                                                                                                                                                                                                                                                                                                                                      • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                                                                                                                                                                      Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......NH...)...)...)..eM...)..eM...)..eM..)..eM...)...)..i)..XA...)..XA..;)..XA...)...)..g)..cA...)..cA...)..Rich.)..........PE..d....z\.........." .....t................................................................`.........................................P...,...|...(............P...H...z.................T...........................0...................p............................text...$s.......t.................. ..`.rdata...~...........x..............@..@.data....3..........................@....pdata...H...P...J..................@..@.rodata..............^..............@..@.reloc...............j..............@..B........................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                                      MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                                      SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:ASCII text
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):116
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):4.968220104601006
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:3:C3OuN9RAM7VDXcEzq+rEakOvTMBv+FdBAIABv+FEn:0BDUmHlvAWeWEn
                                                                                                                                                                                                                                                                                                                                                                      MD5:3D33CDC0B3D281E67DD52E14435DD04F
                                                                                                                                                                                                                                                                                                                                                                      SHA1:4DB88689282FD4F9E9E6AB95FCBB23DF6E6485DB
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:F526E9F98841D987606EFEAFF7F3E017BA9FD516C4BE83890C7F9A093EA4C47B
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:A4A96743332CC8EF0F86BC2E6122618BFC75ED46781DADBAC9E580CD73DF89E74738638A2CCCB4CAA4CBBF393D771D7F2C73F825737CDB247362450A0D4A4BC1
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:Name: gmpopenh264.Description: GMP Plugin for OpenH264..Version: 1.8.1.APIs: encode-video[h264], decode-video[h264].
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, file counter 4, database pages 3, cookie 0x2, schema 4, UTF-8, version-valid-for 4
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):98304
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):0.07338695179673393
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:12:DBl/A0OWla0mwPxRymgObsCVR45wcYR4fmnsCVR4zkib1:DLhesh7Owd4+jib1
                                                                                                                                                                                                                                                                                                                                                                      MD5:6AB0D132312164E21BB3D800156E2535
                                                                                                                                                                                                                                                                                                                                                                      SHA1:282B299410672F20EFE18ED3273581E0D95D41D4
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:A0A9206DA19D8FA8F127CD56C30D7A93154240396F882B7218FE83930D3EB10C
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:75AFB0CF104F6AED90DBC05D0842A53D4CE47CA7D2A8C512A140949C239996080A3A6E68883E5EE6ACCCD84C38548E6F72E3FF0E0FE510EB9537B85243D382CA
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j......~s..F~s........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:data
Category:dropped
Size (bytes):32768
Entropy (8bit):0.039254450750498646
Encrypted:false
SSDEEP:3:GHlhVAMSSBYklYllHlhVAMSSBYk/4l8a9//Ylll4llqlyllel4lt:G7VAMSCW/7VAMSCAL9XIwlio
MD5:383CED35B981DFFF37B605260B92CACA
SHA1:518D4CFF37E61887240B996C4D0506A7AE78C463
SHA-256:81B94087285CCA489325CAE2DBDD630925DF73A739DD962E83B2E7E4EA2E42AD
SHA-512:45632742C9CA6063E53A78C239F7FDB68ABFF9E4C6EB0190102009B9C38B3EC608C7E0EE7EB63B4312C1ABE6F448A7C7300F521468BD07055758F76BFB853CC5
Malicious:false
Preview:..-.....................m...7o.- B.bB.].|...K....-.....................m...7o.- B.bB.].|...K..........................................................'...............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite Write-Ahead Log, version 3007000
Category:dropped
Size (bytes):163992
Entropy (8bit):0.1174660609586298
Encrypted:false
SSDEEP:24:K71+fkLsLxsZ+BHjxsMlukAUCFoBWUChe7CCQE/jKClpOCRxsa0FwlEVZ2i7+:TMLYQMFJuvgW1eU6P3V0G8Zk
MD5:6D38221CA8DA6C54FFF77F8A2962A147
SHA1:BD3B53E428DF892319BED96AE35FBE59AEC563B2
SHA-256:D4CFA3E1FEB9E9365BCB32CAD96A020355A88C8AE0E5326E327D6E51B63D9804
SHA-512:FD0EBDA97D9098934262017BC08B11791A272F316C70AADA746ADEB6B1092462AD9CBD753AF71FCE493EA1DF053D58EFD2DB0485A23BC619073B15CC07ED2491
Malicious:false
Preview:7....-.......... B.bB.].8.E3.o.......... B.bB.].0.K.l...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text, with very long lines (1765), with CRLF line terminators
Category:dropped
Size (bytes):13990
Entropy (8bit):5.468640033544056
Encrypted:false
SSDEEP:192:nkngRHsE1ibqp6lPQ77QCVUgaXb6ilWK/4aZE5R3NBw8dWkSl:neAwQPQCVUQilTVefwZk0
MD5:9FDFD8C1B795076B3EDB7B396BB6C33F
SHA1:B1A985EF07677D25A50AB1641A347E446242D95C
SHA-256:6CA599A4A4940772113BB75FD8579EF3DD593BC11C663DC5D0CED0253743C0CC
SHA-512:67BA7367A4B59081D523CBD9B39773FA30CC7AA681986A38467F82653E5553426FEB7F72911DE5829123476AA798CA103B4709E3F4BFD416F4D27B42DF456F51
Malicious:false
Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "4cbb0eca-22b0-45bf-8c7b-17c3580947ca");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734714638);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734714638);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734714638);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173471
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:ASCII text, with very long lines (1765), with CRLF line terminators
Category:dropped
Size (bytes):13990
Entropy (8bit):5.468640033544056
Encrypted:false
SSDEEP:192:nkngRHsE1ibqp6lPQ77QCVUgaXb6ilWK/4aZE5R3NBw8dWkSl:neAwQPQCVUQilTVefwZk0
MD5:9FDFD8C1B795076B3EDB7B396BB6C33F
SHA1:B1A985EF07677D25A50AB1641A347E446242D95C
SHA-256:6CA599A4A4940772113BB75FD8579EF3DD593BC11C663DC5D0CED0253743C0CC
SHA-512:67BA7367A4B59081D523CBD9B39773FA30CC7AA681986A38467F82653E5553426FEB7F72911DE5829123476AA798CA103B4709E3F4BFD416F4D27B42DF456F51
Malicious:false
Preview:// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "4cbb0eca-22b0-45bf-8c7b-17c3580947ca");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.backgroundErrors", 2);..user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1734714638);..user_pref("app.update.lastUpdateTime.background-update-timer", 1734714638);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1734714638);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 173471
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:SQLite 3.x database, user version 1, last written using SQLite version 3042000, page size 32768, file counter 5, database pages 2, cookie 0x1, schema 4, UTF-8, version-valid-for 5
Category:dropped
Size (bytes):65536
Entropy (8bit):0.04062825861060003
Encrypted:false
SSDEEP:6:ltBl/l4/WN1h4BEJYqWvLue3FMOrMZ0l:DBl/WuntfJiFxMZO
MD5:18F65713B07CB441E6A98655B726D098
SHA1:2CEFA32BC26B25BE81C411B60C9925CB0F1F8F88
SHA-256:B6C268E48546B113551A5AF9CA86BB6A462A512DE6C9289315E125CEB0FD8621
SHA-512:A6871076C7D7ED53B630F9F144ED04303AD54A2E60B94ECA2AA96964D1AB375EEFDCA86CE0D3EB0E9DBB81470C6BD159877125A080C95EB17E54A52427F805FB
Malicious:false
Preview:SQLite format 3......@ ..........................................................................j.......x..x..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):90
Entropy (8bit):4.194538242412464
Encrypted:false
SSDEEP:3:YVXKQJAyiVLQwJtJDBA+AJ2LKZXJ3YFwHY:Y9KQOy6Lb1BA+m2L69Yr
MD5:C4AB2EE59CA41B6D6A6EA911F35BDC00
SHA1:5942CD6505FC8A9DABA403B082067E1CDEFDFBC4
SHA-256:00AD9799527C3FD21F3A85012565EAE817490F3E0D417413BF9567BB5909F6A2
SHA-512:71EA16900479E6AF161E0AAD08C8D1E9DED5868A8D848E7647272F3002E2F2013E16382B677ABE3C6F17792A26293B9E27EC78E16F00BD24BA3D21072BD1CAE2
Malicious:false
Preview:{"profile-after-change":true,"final-ui-startup":true,"sessionstore-windows-restored":true}
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:Mozilla lz4 compressed data, originally 5861 bytes
Category:dropped
Size (bytes):1566
Entropy (8bit):6.329216041633542
Encrypted:false
SSDEEP:24:v+USUGlcAxS4ILXnIg2/pnxQwRlszT5sKpL80E3eHVPGVXTframhujJXXYzOBaFI:GUpOx2GnR6R63eQZTfr4JHaTv4R
MD5:8B841093C0B393A2EA8B3615E0B1C3A0
SHA1:7B9EAE7737053946DBFDFA46F4B8DB6F291CF275
SHA-256:65233769F1C6E47DD55FA94705D0EC824FB234831D7C33676A3E4813F26594D8
SHA-512:FBE37FCFA360C5A119A3C8EF1DAF09EF843C01D2556FFFA494EE990D85830CCF8C5F25748A73029DA0164A46E072E832DC68A828D4C68F136FFD1709C8844B6B
Malicious:false
Preview:mozLz40.......{"version":["ses....restore",1],"windows":[{"tab..bentrie....url":"https://youtube.com/account?=.....rs.googl%...v3/signin/challenge/pwd","title[.C..cacheKey":0,"ID":6,"docshellUU...D"{01d0592b-9ab2-40b6-81b5-01dec8f92a8a}","resultPrincipalURI":null,"hasUserInteracte...true,"triggering8.p_base64z..\"3\":{}^...docIdentifier":7,"persistK..+}],"lastAccessed":1734714644305,"hidden":false,"searchMode...userContextId...attribut...{},"index":1...questedI..p0,"imag....chrome://global/skin/icons/warning.svg"..aselect...,"_closedTZ.@],"_...C..`GroupCF..":-1,"busy...t...Flags":2167541758....dth":1164,"height":891,"screenX":4...Y..Aizem..."maximize......BeforeMin...&..workspace9...901dfca9-0933-49dd-b8ad-c128d9fd5ae7","zD..1...Wm..l........j..:....1":{..jUpdate...6,"startTim..P07840...centCrash..B0},".....Dcook.. hoc..."addons.mozilla.org","valu...A51e19de0ffa8528fa1d4335ed7f73fa3f4df6437c31aaee3b1be0ea3fc874673","path":"/","na..a"taarI|.Recure...,`.Donly..fexpiry...12880,"originA...
                                                                                                                                                                                                                                                                                                                                                                      Process:C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      File Type:SQLite 3.x database, user version 131075, last written using SQLite version 3042000, page size 512, file counter 6, database pages 8, cookie 0x4, schema 4, UTF-8, version-valid-for 6
                                                                                                                                                                                                                                                                                                                                                                      Category:dropped
                                                                                                                                                                                                                                                                                                                                                                      Size (bytes):4096
                                                                                                                                                                                                                                                                                                                                                                      Entropy (8bit):2.0836444556178684
                                                                                                                                                                                                                                                                                                                                                                      Encrypted:false
                                                                                                                                                                                                                                                                                                                                                                      SSDEEP:24:JBwdh/cEUcR9PzNFPFHx/GJRBdkOrDcRB1trwDeAq2gRMyxr3:jnEUo9LXtR+JdkOnohYsl
                                                                                                                                                                                                                                                                                                                                                                      MD5:8B40B1534FF0F4B533AF767EB5639A05
                                                                                                                                                                                                                                                                                                                                                                      SHA1:63EDB539EA39AD09D701A36B535C4C087AE08CC9
                                                                                                                                                                                                                                                                                                                                                                      SHA-256:AF275A19A5C2C682139266065D90C237282274D11C5619A121B7BDBDB252861B
                                                                                                                                                                                                                                                                                                                                                                      SHA-512:54AF707698CED33C206B1B193DA414D630901762E88E37E99885A50D4D5F8DDC28367C9B401DFE251CF0552B4FA446EE28F78A97C9096AFB0F2898BFBB673B53
                                                                                                                                                                                                                                                                                                                                                                      Malicious:false
                                                                                                                                                                                                                                                                                                                                                                      Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................
Process:C:\Program Files\Mozilla Firefox\firefox.exe
File Type:JSON data
Category:dropped
Size (bytes):4537
Entropy (8bit):5.03227001708096
Encrypted:false
SSDEEP:48:YrSAYLjhUQZpExB1+anOqW5VhpZVjWKzzc8cyYMsku7f86SLAVL7sKsM5FtsfAct:ycL5TEr5i+Kzzczvbw6KkMKXrc2Rn27
MD5:D7D28F34C3367A7B095497230581EB58
SHA1:ED92A45E43CDCC05626942668C9D24EA30C870BF
SHA-256:AF0A21C09DC9C60B4B452E118CDFD4BD1A24AE6AEAFF8D38AA463071A6D02EAA
SHA-512:E6164BEBB9203257BF09DB4E07870B44995495CF4DAB55D44156EBCB0D50D2B462811189E6F562F6E7B638A4E7FD393A6046FA3E3170A2AB19F6B562DE1C001F
Malicious:false
Preview:{"environment":{"locale":"en-US","localeLanguageCode":"en","browserSettings":{"update":{"channel":"release","enabled":true,"autoDownload":true,"background":true}},"attributionData":{"campaign":"%2528not%2Bset%2529","content":"%2528not%2Bset%2529","dlsource":"mozorg","dltoken":"cd09ae95-e2cf-4b8b-8929-791b0dd48cdd","experiment":"%2528not%2Bset%2529","medium":"referral","source":"www.google.com","ua":"chrome","variation":"%2528not%2Bset%2529"},"currentDate":"2024-12-20T17:10:23.953Z","profileAgeCreated":1696503493780,"usesFirefoxSync":false,"isFxAEnabled":true,"isFxASignedIn":false,"sync":{"desktopDevices":0,"mobileDevices":0,"totalDevices":0},"xpinstallEnabled":true,"addonsInfo":{"addons":{"formautofill@mozilla.org":{"version":"1.0.1","type":"extension","isSystem":true,"isWebExtension":true,"name":"Form Autofill","userDisabled":false,"installDate":"2023-09-28T01:41:23.000Z"},"pictureinpicture@mozilla.org":{"version":"1.0.0","type":"extension","isSystem":true,"isWebExtension":true,"name"
File type:PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):6.702443906803454
TrID:
• Win32 Executable (generic) a (10002005/4) 99.96%
• Generic Win/DOS Executable (2004/3) 0.02%
• DOS Executable Generic (2002/1) 0.02%
• Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:gTU8ed4669.exe
File size:970'240 bytes
MD5:2177e5dd54a3815b8535b4e6902c1777
SHA1:1cc1940a436cfa997f221ac2b16dfe57d7d0da11
SHA256:47ea422d6bd14500cf0851c83895445560363a19beddd3a8e9500922f217240a
SHA512:0fb608af6cda960f0cc03208b56851ba2d02c75f932b239a543e21e4dac489ee1cfcec19d099019f91b9e070959b143514aea5203fee1eccb1538f797cff2ef1
SSDEEP:24576:rqDEvCTbMWu7rQYlBQcBiT6rprG8a5U3F:rTvC/MTQYxsWR7a5U
TLSH:F4259E0273D1C062FF9B92334B5AF6515BBC69260123E62F13A81D79BE701B1563E7A3
File Content Preview:MZ......................@................................... ...........!..L.!This program cannot be run in DOS mode....$.......................j:......j:..C...j:......@.*...............................n.......~.............{.......{.......{.........z....
Icon Hash:aaf3e3e3938382a0
Entrypoint:0x420577
Entrypoint Section:.text
Digitally signed:false
Imagebase:0x400000
Subsystem:windows gui
Image File Characteristics:EXECUTABLE_IMAGE, LARGE_ADDRESS_AWARE, 32BIT_MACHINE
DLL Characteristics:DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:0x676498DB [Thu Dec 19 22:06:19 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:5
OS Version Minor:1
File Version Major:5
File Version Minor:1
Subsystem Version Major:5
Subsystem Version Minor:1
Import Hash:948cc502fe9226992dce9417f952fce3
Instruction
call 00007F5BF4E595C3h
jmp 00007F5BF4E58ECFh
push ebp
mov ebp, esp
push esi
push dword ptr [ebp+08h]
mov esi, ecx
call 00007F5BF4E590ADh
mov dword ptr [esi], 0049FDF0h
mov eax, esi
pop esi
pop ebp
retn 0004h
and dword ptr [ecx+04h], 00000000h
mov eax, ecx
and dword ptr [ecx+08h], 00000000h
mov dword ptr [ecx+04h], 0049FDF8h
mov dword ptr [ecx], 0049FDF0h
ret
push ebp
mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                                      push esi
                                                                                                                                                                                                                                                                                                                                                                      push dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                                                                      mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                                      call 00007F5BF4E5907Ah
                                                                                                                                                                                                                                                                                                                                                                      mov dword ptr [esi], 0049FE0Ch
                                                                                                                                                                                                                                                                                                                                                                      mov eax, esi
                                                                                                                                                                                                                                                                                                                                                                      pop esi
                                                                                                                                                                                                                                                                                                                                                                      pop ebp
                                                                                                                                                                                                                                                                                                                                                                      retn 0004h
                                                                                                                                                                                                                                                                                                                                                                      and dword ptr [ecx+04h], 00000000h
                                                                                                                                                                                                                                                                                                                                                                      mov eax, ecx
                                                                                                                                                                                                                                                                                                                                                                      and dword ptr [ecx+08h], 00000000h
                                                                                                                                                                                                                                                                                                                                                                      mov dword ptr [ecx+04h], 0049FE14h
                                                                                                                                                                                                                                                                                                                                                                      mov dword ptr [ecx], 0049FE0Ch
                                                                                                                                                                                                                                                                                                                                                                      ret
                                                                                                                                                                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                                                                                                                                                                      mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                                      push esi
                                                                                                                                                                                                                                                                                                                                                                      mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                                      lea eax, dword ptr [esi+04h]
                                                                                                                                                                                                                                                                                                                                                                      mov dword ptr [esi], 0049FDD0h
                                                                                                                                                                                                                                                                                                                                                                      and dword ptr [eax], 00000000h
                                                                                                                                                                                                                                                                                                                                                                      and dword ptr [eax+04h], 00000000h
                                                                                                                                                                                                                                                                                                                                                                      push eax
                                                                                                                                                                                                                                                                                                                                                                      mov eax, dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                                                                      add eax, 04h
                                                                                                                                                                                                                                                                                                                                                                      push eax
                                                                                                                                                                                                                                                                                                                                                                      call 00007F5BF4E5BC6Dh
                                                                                                                                                                                                                                                                                                                                                                      pop ecx
                                                                                                                                                                                                                                                                                                                                                                      pop ecx
                                                                                                                                                                                                                                                                                                                                                                      mov eax, esi
                                                                                                                                                                                                                                                                                                                                                                      pop esi
                                                                                                                                                                                                                                                                                                                                                                      pop ebp
                                                                                                                                                                                                                                                                                                                                                                      retn 0004h
                                                                                                                                                                                                                                                                                                                                                                      lea eax, dword ptr [ecx+04h]
                                                                                                                                                                                                                                                                                                                                                                      mov dword ptr [ecx], 0049FDD0h
                                                                                                                                                                                                                                                                                                                                                                      push eax
                                                                                                                                                                                                                                                                                                                                                                      call 00007F5BF4E5BCB8h
                                                                                                                                                                                                                                                                                                                                                                      pop ecx
                                                                                                                                                                                                                                                                                                                                                                      ret
                                                                                                                                                                                                                                                                                                                                                                      push ebp
                                                                                                                                                                                                                                                                                                                                                                      mov ebp, esp
                                                                                                                                                                                                                                                                                                                                                                      push esi
                                                                                                                                                                                                                                                                                                                                                                      mov esi, ecx
                                                                                                                                                                                                                                                                                                                                                                      lea eax, dword ptr [esi+04h]
                                                                                                                                                                                                                                                                                                                                                                      mov dword ptr [esi], 0049FDD0h
                                                                                                                                                                                                                                                                                                                                                                      push eax
                                                                                                                                                                                                                                                                                                                                                                      call 00007F5BF4E5BCA1h
                                                                                                                                                                                                                                                                                                                                                                      test byte ptr [ebp+08h], 00000001h
                                                                                                                                                                                                                                                                                                                                                                      pop ecx
Programming Language:
• [ C ] VS2008 SP1 build 30729
• [IMP] VS2008 SP1 build 30729
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 | 
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xc8e64 | 0x17c | .rdata
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xd4000 | 0x1625c | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 | 
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 | 
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xeb000 | 0x7594 | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0xb0ff0 | 0x1c | .rdata
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 | 
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 | 
IMAGE_DIRECTORY_ENTRY_TLS | 0xc3400 | 0x18 | .rdata
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0xb1010 | 0x40 | .rdata
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 | 
IMAGE_DIRECTORY_ENTRY_IAT | 0x9c000 | 0x894 | .rdata
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 | 
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x0 | 0x0 | 
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 | 
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x1000 | 0x9ab1d | 0x9ac00 | 0a1473f3064dcbc32ef93c5c8a90f3a6 | False | 0.565500681542811 | data | 6.668273581389308 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rdata | 0x9c000 | 0x2fb82 | 0x2fc00 | c9cf2468b60bf4f80f136ed54b3989fb | False | 0.35289185209424084 | data | 5.691811547483722 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.data | 0xcc000 | 0x706c | 0x4800 | 53b9025d545d65e23295e30afdbd16d9 | False | 0.04356553819444445 | DOS executable (block device driver @\273\) | 0.5846666986982398 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc | 0xd4000 | 0x1625c | 0x16400 | f3b937ae26be81bea2f5e5dace4c863b | False | 0.6997344627808989 | data | 7.171885459246731 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xeb000 | 0x7594 | 0x7600 | c68ee8931a32d45eb82dc450ee40efc3 | False | 0.7628111758474576 | data | 6.7972128181359786 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xd45f0 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.7466216216216216
RT_ICON | 0xd4718 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 128, 16 important colors | English | Great Britain | 0.3277027027027027
RT_ICON | 0xd4840 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 192 | English | Great Britain | 0.3885135135135135
RT_ICON | 0xd4968 | 0x2e8 | Device independent bitmap graphic, 32 x 64 x 4, image size 0 | English | Great Britain | 0.3333333333333333
RT_ICON | 0xd4c50 | 0x128 | Device independent bitmap graphic, 16 x 32 x 4, image size 0 | English | Great Britain | 0.5
RT_ICON | 0xd4d78 | 0xea8 | Device independent bitmap graphic, 48 x 96 x 8, image size 0 | English | Great Britain | 0.2835820895522388
RT_ICON | 0xd5c20 | 0x8a8 | Device independent bitmap graphic, 32 x 64 x 8, image size 0 | English | Great Britain | 0.37906137184115524
RT_ICON | 0xd64c8 | 0x568 | Device independent bitmap graphic, 16 x 32 x 8, image size 0 | English | Great Britain | 0.23699421965317918
RT_ICON | 0xd6a30 | 0x25a8 | Device independent bitmap graphic, 48 x 96 x 32, image size 0 | English | Great Britain | 0.13858921161825727
RT_ICON | 0xd8fd8 | 0x10a8 | Device independent bitmap graphic, 32 x 64 x 32, image size 0 | English | Great Britain | 0.25070356472795496
RT_ICON | 0xda080 | 0x468 | Device independent bitmap graphic, 16 x 32 x 32, image size 0 | English | Great Britain | 0.3173758865248227
RT_MENU | 0xda4e8 | 0x50 | data | English | Great Britain | 0.9
RT_DIALOG | 0xda538 | 0xfc | data | English | Great Britain | 0.6507936507936508
RT_STRING | 0xda634 | 0x594 | data | English | Great Britain | 0.3333333333333333
RT_STRING | 0xdabc8 | 0x68a | data | English | Great Britain | 0.2735961768219833
RT_STRING | 0xdb254 | 0x490 | data | English | Great Britain | 0.3715753424657534
RT_STRING | 0xdb6e4 | 0x5fc | data | English | Great Britain | 0.3087467362924282
RT_STRING | 0xdbce0 | 0x65c | data | English | Great Britain | 0.34336609336609336
RT_STRING | 0xdc33c | 0x466 | data | English | Great Britain | 0.3605683836589698
RT_STRING | 0xdc7a4 | 0x158 | Matlab v4 mat-file (little endian) n, numeric, rows 0, columns 0 | English | Great Britain | 0.502906976744186
RT_RCDATA | 0xdc8fc | 0xd3e0 | data | | | 1.0004793510324483
RT_GROUP_ICON | 0xe9cdc | 0x76 | data | English | Great Britain | 0.6610169491525424
RT_GROUP_ICON | 0xe9d54 | 0x14 | data | English | Great Britain | 1.25
RT_GROUP_ICON | 0xe9d68 | 0x14 | data | English | Great Britain | 1.15
RT_GROUP_ICON | 0xe9d7c | 0x14 | data | English | Great Britain | 1.25
RT_VERSION | 0xe9d90 | 0xdc | data | English | Great Britain | 0.6181818181818182
RT_MANIFEST | 0xe9e6c | 0x3ef | ASCII text, with CRLF line terminators | English | Great Britain | 0.5074478649453823
DLL | Import
WSOCK32.dll | gethostbyname, recv, send, socket, inet_ntoa, setsockopt, ntohs, WSACleanup, WSAStartup, sendto, htons, __WSAFDIsSet, select, accept, listen, bind, inet_addr, ioctlsocket, recvfrom, WSAGetLastError, closesocket, gethostname, connect
VERSION.dll | GetFileVersionInfoW, VerQueryValueW, GetFileVersionInfoSizeW
WINMM.dll | timeGetTime, waveOutSetVolume, mciSendStringW
COMCTL32.dll | ImageList_ReplaceIcon, ImageList_Destroy, ImageList_Remove, ImageList_SetDragCursorImage, ImageList_BeginDrag, ImageList_DragEnter, ImageList_DragLeave, ImageList_EndDrag, ImageList_DragMove, InitCommonControlsEx, ImageList_Create
MPR.dll | WNetGetConnectionW, WNetCancelConnection2W, WNetUseConnectionW, WNetAddConnection2W
WININET.dll | HttpOpenRequestW, InternetCloseHandle, InternetOpenW, InternetSetOptionW, InternetCrackUrlW, HttpQueryInfoW, InternetQueryOptionW, InternetConnectW, HttpSendRequestW, FtpOpenFileW, FtpGetFileSize, InternetOpenUrlW, InternetReadFile, InternetQueryDataAvailable
PSAPI.DLL | GetProcessMemoryInfo
IPHLPAPI.DLL | IcmpSendEcho, IcmpCloseHandle, IcmpCreateFile
USERENV.dll | DestroyEnvironmentBlock, LoadUserProfileW, CreateEnvironmentBlock, UnloadUserProfile
UxTheme.dll | IsThemeActive
KERNEL32.dll | DuplicateHandle, CreateThread, WaitForSingleObject, HeapAlloc, GetProcessHeap, HeapFree, Sleep, GetCurrentThreadId, MultiByteToWideChar, MulDiv, GetVersionExW, IsWow64Process, GetSystemInfo, FreeLibrary, LoadLibraryA, GetProcAddress, SetErrorMode, GetModuleFileNameW, WideCharToMultiByte, lstrcpyW, lstrlenW, GetModuleHandleW, QueryPerformanceCounter, VirtualFreeEx, OpenProcess, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, CreateFileW, SetFilePointerEx, SetEndOfFile, ReadFile, WriteFile, FlushFileBuffers, TerminateProcess, CreateToolhelp32Snapshot, Process32FirstW, Process32NextW, SetFileTime, GetFileAttributesW, FindFirstFileW, FindClose, GetLongPathNameW, GetShortPathNameW, DeleteFileW, IsDebuggerPresent, CopyFileExW, MoveFileW, CreateDirectoryW, RemoveDirectoryW, SetSystemPowerState, QueryPerformanceFrequency, LoadResource, LockResource, SizeofResource, OutputDebugStringW, GetTempPathW, GetTempFileNameW, DeviceIoControl, LoadLibraryW, GetLocalTime, CompareStringW, GetCurrentThread, EnterCriticalSection, LeaveCriticalSection, GetStdHandle, CreatePipe, InterlockedExchange, TerminateThread, LoadLibraryExW, FindResourceExW, CopyFileW, VirtualFree, FormatMessageW, GetExitCodeProcess, GetPrivateProfileStringW, WritePrivateProfileStringW, GetPrivateProfileSectionW, WritePrivateProfileSectionW, GetPrivateProfileSectionNamesW, FileTimeToLocalFileTime, FileTimeToSystemTime, SystemTimeToFileTime, LocalFileTimeToFileTime, GetDriveTypeW, GetDiskFreeSpaceExW, GetDiskFreeSpaceW, GetVolumeInformationW, SetVolumeLabelW, CreateHardLinkW, SetFileAttributesW, CreateEventW, SetEvent, GetEnvironmentVariableW, SetEnvironmentVariableW, GlobalLock, GlobalUnlock, GlobalAlloc, GetFileSize, GlobalFree, GlobalMemoryStatusEx, Beep, GetSystemDirectoryW, HeapReAlloc, HeapSize, GetComputerNameW, GetWindowsDirectoryW, GetCurrentProcessId, GetProcessIoCounters, CreateProcessW, GetProcessId, SetPriorityClass, VirtualAlloc, GetCurrentDirectoryW, lstrcmpiW, DecodePointer, GetLastError, RaiseException, InitializeCriticalSectionAndSpinCount, DeleteCriticalSection, InterlockedDecrement, InterlockedIncrement, ResetEvent, WaitForSingleObjectEx, IsProcessorFeaturePresent, UnhandledExceptionFilter, SetUnhandledExceptionFilter, GetCurrentProcess, CloseHandle, GetFullPathNameW, GetStartupInfoW, GetSystemTimeAsFileTime, InitializeSListHead, RtlUnwind, SetLastError, TlsAlloc, TlsGetValue, TlsSetValue, TlsFree, EncodePointer, ExitProcess, GetModuleHandleExW, ExitThread, ResumeThread, FreeLibraryAndExitThread, GetACP, GetDateFormatW, GetTimeFormatW, LCMapStringW, GetStringTypeW, GetFileType, SetStdHandle, GetConsoleCP, GetConsoleMode, ReadConsoleW, GetTimeZoneInformation, FindFirstFileExW, IsValidCodePage, GetOEMCP, GetCPInfo, GetCommandLineA, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, SetEnvironmentVariableA, SetCurrentDirectoryW, FindNextFileW, WriteConsoleW
USER32.dll | GetKeyboardLayoutNameW, IsCharAlphaW, IsCharAlphaNumericW, IsCharLowerW, IsCharUpperW, GetMenuStringW, GetSubMenu, GetCaretPos, IsZoomed, GetMonitorInfoW, SetWindowLongW, SetLayeredWindowAttributes, FlashWindow, GetClassLongW, TranslateAcceleratorW, IsDialogMessageW, GetSysColor, InflateRect, DrawFocusRect, DrawTextW, FrameRect, DrawFrameControl, FillRect, PtInRect, DestroyAcceleratorTable, CreateAcceleratorTableW, SetCursor, GetWindowDC, GetSystemMetrics, GetActiveWindow, CharNextW, wsprintfW, RedrawWindow, DrawMenuBar, DestroyMenu, SetMenu, GetWindowTextLengthW, CreateMenu, IsDlgButtonChecked, DefDlgProcW, CallWindowProcW, ReleaseCapture, SetCapture, PeekMessageW, GetInputState, UnregisterHotKey, CharLowerBuffW, MonitorFromPoint, MonitorFromRect, LoadImageW, mouse_event, ExitWindowsEx, SetActiveWindow, FindWindowExW, EnumThreadWindows, SetMenuDefaultItem, InsertMenuItemW, IsMenu, ClientToScreen, GetCursorPos, DeleteMenu, CheckMenuRadioItem, GetMenuItemID, GetMenuItemCount, SetMenuItemInfoW, GetMenuItemInfoW, SetForegroundWindow, IsIconic, FindWindowW, SystemParametersInfoW, LockWindowUpdate, SendInput, GetAsyncKeyState, SetKeyboardState, GetKeyboardState, GetKeyState, VkKeyScanW, LoadStringW, DialogBoxParamW, MessageBeep, EndDialog, SendDlgItemMessageW, GetDlgItem, SetWindowTextW, CopyRect, ReleaseDC, GetDC, EndPaint, BeginPaint, GetClientRect, GetMenu, DestroyWindow, EnumWindows, GetDesktopWindow, IsWindow, IsWindowEnabled, IsWindowVisible, EnableWindow, InvalidateRect, GetWindowLongW, GetWindowThreadProcessId, AttachThreadInput, GetFocus, GetWindowTextW, SendMessageTimeoutW, EnumChildWindows, CharUpperBuffW, GetClassNameW, GetParent, GetDlgCtrlID, SendMessageW, MapVirtualKeyW, PostMessageW, GetWindowRect, SetUserObjectSecurity, CloseDesktop, CloseWindowStation, OpenDesktopW, RegisterHotKey, GetCursorInfo, SetWindowPos, CopyImage, AdjustWindowRectEx, SetRect, SetClipboardData, EmptyClipboard, CountClipboardFormats, CloseClipboard, GetClipboardData, IsClipboardFormatAvailable, OpenClipboard, BlockInput, TrackPopupMenuEx, GetMessageW, SetProcessWindowStation, GetProcessWindowStation, OpenWindowStationW, GetUserObjectSecurity, MessageBoxW, DefWindowProcW, MoveWindow, SetFocus, PostQuitMessage, KillTimer, CreatePopupMenu, RegisterWindowMessageW, SetTimer, ShowWindow, CreateWindowExW, RegisterClassExW, LoadIconW, LoadCursorW, GetSysColorBrush, GetForegroundWindow, MessageBoxA, DestroyIcon, DispatchMessageW, keybd_event, TranslateMessage, ScreenToClient
GDI32.dll | EndPath, DeleteObject, GetTextExtentPoint32W, ExtCreatePen, StrokeAndFillPath, GetDeviceCaps, SetPixel, CloseFigure, LineTo, AngleArc, MoveToEx, Ellipse, CreateCompatibleBitmap, CreateCompatibleDC, PolyDraw, BeginPath, Rectangle, SetViewportOrgEx, GetObjectW, SetBkMode, RoundRect, SetBkColor, CreatePen, SelectObject, StretchBlt, CreateSolidBrush, SetTextColor, CreateFontW, GetTextFaceW, GetStockObject, CreateDCW, GetPixel, DeleteDC, GetDIBits, StrokePath
COMDLG32.dll | GetSaveFileNameW, GetOpenFileNameW
ADVAPI32.dll | GetAce, RegEnumValueW, RegDeleteValueW, RegDeleteKeyW, RegEnumKeyExW, RegSetValueExW, RegOpenKeyExW, RegCloseKey, RegQueryValueExW, RegConnectRegistryW, InitializeSecurityDescriptor, InitializeAcl, AdjustTokenPrivileges, OpenThreadToken, OpenProcessToken, LookupPrivilegeValueW, DuplicateTokenEx, CreateProcessAsUserW, CreateProcessWithLogonW, GetLengthSid, CopySid, LogonUserW, AllocateAndInitializeSid, CheckTokenMembership, FreeSid, GetTokenInformation, RegCreateKeyExW, GetSecurityDescriptorDacl, GetAclInformation, GetUserNameW, AddAce, SetSecurityDescriptorDacl, InitiateSystemShutdownExW
SHELL32.dll | DragFinish, DragQueryPoint, ShellExecuteExW, DragQueryFileW, SHEmptyRecycleBinW, SHGetPathFromIDListW, SHBrowseForFolderW, SHCreateShellItem, SHGetDesktopFolder, SHGetSpecialFolderLocation, SHGetFolderPathW, SHFileOperationW, ExtractIconExW, Shell_NotifyIconW, ShellExecuteW
ole32.dll | CoTaskMemAlloc, CoTaskMemFree, CLSIDFromString, ProgIDFromCLSID, CLSIDFromProgID, OleSetMenuDescriptor, MkParseDisplayName, OleSetContainedObject, CoCreateInstance, IIDFromString, StringFromGUID2, CreateStreamOnHGlobal, OleInitialize, OleUninitialize, CoInitialize, CoUninitialize, GetRunningObjectTable, CoGetInstanceFromFile, CoGetObject, CoInitializeSecurity, CoCreateInstanceEx, CoSetProxyBlanket
OLEAUT32.dll | CreateStdDispatch, CreateDispTypeInfo, UnRegisterTypeLib, UnRegisterTypeLibForUser, RegisterTypeLibForUser, RegisterTypeLib, LoadTypeLibEx, VariantCopyInd, SysReAllocString, SysFreeString, VariantChangeType, SafeArrayDestroyData, SafeArrayUnaccessData, SafeArrayAccessData, SafeArrayAllocData, SafeArrayAllocDescriptorEx, SafeArrayCreateVector, SysStringLen, QueryPathOfRegTypeLib, SysAllocString, VariantInit, VariantClear, DispCallFunc, VariantTimeToSystemTime, VarR8FromDec, SafeArrayGetVartype, SafeArrayDestroyDescriptor, VariantCopy, OleLoadPicture
Language of compilation system | Country where language is spoken | Map
English | Great Britain |
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 20, 2024 16:57:07.022293091 CET | 49731 | 443 | 192.168.2.11 | 35.190.72.216
Dec 20, 2024 16:57:07.022346973 CET | 443 | 49731 | 35.190.72.216 | 192.168.2.11
Dec 20, 2024 16:57:07.022926092 CET | 49731 | 443 | 192.168.2.11 | 35.190.72.216
Dec 20, 2024 16:57:07.027754068 CET | 49731 | 443 | 192.168.2.11 | 35.190.72.216
Dec 20, 2024 16:57:07.027791023 CET | 443 | 49731 | 35.190.72.216 | 192.168.2.11
Dec 20, 2024 16:57:07.577891111 CET | 49735 | 443 | 192.168.2.11 | 142.250.181.110
Dec 20, 2024 16:57:07.577913046 CET | 443 | 49735 | 142.250.181.110 | 192.168.2.11
Dec 20, 2024 16:57:07.578259945 CET | 49735 | 443 | 192.168.2.11 | 142.250.181.110
Dec 20, 2024 16:57:07.581027985 CET | 49735 | 443 | 192.168.2.11 | 142.250.181.110
Dec 20, 2024 16:57:07.581044912 CET | 443 | 49735 | 142.250.181.110 | 192.168.2.11
Dec 20, 2024 16:57:07.617656946 CET | 49736 | 443 | 192.168.2.11 | 142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:07.617690086 CET44349736142.250.181.110192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:07.621831894 CET49736443192.168.2.11142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:07.627019882 CET49736443192.168.2.11142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:07.627037048 CET44349736142.250.181.110192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:07.864118099 CET4973780192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:07.985248089 CET804973734.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:07.988066912 CET4973780192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:08.243573904 CET4434973135.190.72.216192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:08.243664026 CET49731443192.168.2.1135.190.72.216
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:08.871790886 CET4973780192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:08.894500017 CET49740443192.168.2.1134.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:08.894531012 CET4434974034.117.188.166192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:08.895262003 CET49740443192.168.2.1134.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:08.896667004 CET49740443192.168.2.1134.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:08.896683931 CET4434974034.117.188.166192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:08.900336981 CET49731443192.168.2.1135.190.72.216
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:08.900363922 CET4434973135.190.72.216192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:08.900485039 CET49731443192.168.2.1135.190.72.216
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:08.900624037 CET4434973135.190.72.216192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:08.900844097 CET49741443192.168.2.1135.190.72.216
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:08.900875092 CET4434974135.190.72.216192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:08.903409958 CET49731443192.168.2.1135.190.72.216
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:08.903448105 CET49741443192.168.2.1135.190.72.216
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:08.904908895 CET49741443192.168.2.1135.190.72.216
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:08.904921055 CET4434974135.190.72.216192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:08.991481066 CET804973734.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.065927029 CET49742443192.168.2.1134.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.065959930 CET4434974234.117.188.166192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.066701889 CET49742443192.168.2.1134.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.068137884 CET49742443192.168.2.1134.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.068151951 CET4434974234.117.188.166192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.186229944 CET804973734.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.187153101 CET4973780192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.277106047 CET44349735142.250.181.110192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.277833939 CET44349735142.250.181.110192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.277842045 CET49735443192.168.2.11142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.277865887 CET44349735142.250.181.110192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.277985096 CET49735443192.168.2.11142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.307190895 CET804973734.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.307254076 CET4973780192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.318223000 CET44349736142.250.181.110192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.318958998 CET44349736142.250.181.110192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.319389105 CET49736443192.168.2.11142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.319401979 CET44349736142.250.181.110192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.359719038 CET49736443192.168.2.11142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.549098969 CET49745443192.168.2.1135.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.549127102 CET4434974535.244.181.201192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.549566031 CET49746443192.168.2.1134.160.144.191
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.549592972 CET4434974634.160.144.191192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.560386896 CET49745443192.168.2.1135.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.560390949 CET49746443192.168.2.1134.160.144.191
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.560964108 CET49746443192.168.2.1134.160.144.191
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.560976982 CET4434974634.160.144.191192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.560986042 CET49745443192.168.2.1135.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.560998917 CET4434974535.244.181.201192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.562483072 CET49735443192.168.2.11142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.562494040 CET44349735142.250.181.110192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.562731028 CET44349735142.250.181.110192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.562938929 CET49735443192.168.2.11142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.562944889 CET44349735142.250.181.110192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.564472914 CET49736443192.168.2.11142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.564491987 CET44349736142.250.181.110192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.564567089 CET49736443192.168.2.11142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.564678907 CET44349736142.250.181.110192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.564934969 CET49747443192.168.2.11142.250.181.110
Timestamp                            Source Port  Dest Port  Source IP        Dest IP
Dec 20, 2024 16:57:09.564950943 CET  443          49747      142.250.181.110  192.168.2.11
Dec 20, 2024 16:57:09.573508024 CET  49736        443        192.168.2.11     142.250.181.110
Dec 20, 2024 16:57:09.573549032 CET  49735        443        192.168.2.11     142.250.181.110
Dec 20, 2024 16:57:09.573551893 CET  49747        443        192.168.2.11     142.250.181.110
Dec 20, 2024 16:57:09.574944973 CET  49747        443        192.168.2.11     142.250.181.110
Dec 20, 2024 16:57:09.574961901 CET  443          49747      142.250.181.110  192.168.2.11
Dec 20, 2024 16:57:09.683579922 CET  49749        80         192.168.2.11     34.107.221.82
Dec 20, 2024 16:57:09.803379059 CET  80           49749      34.107.221.82    192.168.2.11
Dec 20, 2024 16:57:09.803456068 CET  49749        80         192.168.2.11     34.107.221.82
Dec 20, 2024 16:57:09.804018974 CET  49749        80         192.168.2.11     34.107.221.82
Dec 20, 2024 16:57:09.923551083 CET  80           49749      34.107.221.82    192.168.2.11
Dec 20, 2024 16:57:10.115516901 CET  443          49741      35.190.72.216    192.168.2.11
Dec 20, 2024 16:57:10.115757942 CET  49741        443        192.168.2.11     35.190.72.216
Dec 20, 2024 16:57:10.119709969 CET  443          49740      34.117.188.166   192.168.2.11
Dec 20, 2024 16:57:10.120599985 CET  49741        443        192.168.2.11     35.190.72.216
Dec 20, 2024 16:57:10.120606899 CET  443          49741      35.190.72.216    192.168.2.11
Dec 20, 2024 16:57:10.120692968 CET  49741        443        192.168.2.11     35.190.72.216
Dec 20, 2024 16:57:10.120745897 CET  443          49741      35.190.72.216    192.168.2.11
Dec 20, 2024 16:57:10.120944023 CET  49741        443        192.168.2.11     35.190.72.216
Dec 20, 2024 16:57:10.123272896 CET  49740        443        192.168.2.11     34.117.188.166
Dec 20, 2024 16:57:10.125910997 CET  49740        443        192.168.2.11     34.117.188.166
Dec 20, 2024 16:57:10.125910997 CET  49740        443        192.168.2.11     34.117.188.166
Dec 20, 2024 16:57:10.125922918 CET  443          49740      34.117.188.166   192.168.2.11
Dec 20, 2024 16:57:10.126219034 CET  443          49740      34.117.188.166   192.168.2.11
Dec 20, 2024 16:57:10.126348019 CET  49753        443        192.168.2.11     34.117.188.166
Dec 20, 2024 16:57:10.126385927 CET  443          49753      34.117.188.166   192.168.2.11
Dec 20, 2024 16:57:10.126478910 CET  49740        443        192.168.2.11     34.117.188.166
Dec 20, 2024 16:57:10.129666090 CET  49753        443        192.168.2.11     34.117.188.166
Dec 20, 2024 16:57:10.131263018 CET  49753        443        192.168.2.11     34.117.188.166
Dec 20, 2024 16:57:10.131275892 CET  443          49753      34.117.188.166   192.168.2.11
Dec 20, 2024 16:57:10.294394016 CET  49754        80         192.168.2.11     34.107.221.82
Dec 20, 2024 16:57:10.398041964 CET  443          49742      34.117.188.166   192.168.2.11
Dec 20, 2024 16:57:10.398113966 CET  49742        443        192.168.2.11     34.117.188.166
Dec 20, 2024 16:57:10.403633118 CET  49742        443        192.168.2.11     34.117.188.166
Dec 20, 2024 16:57:10.403646946 CET  443          49742      34.117.188.166   192.168.2.11
Dec 20, 2024 16:57:10.403758049 CET  49742        443        192.168.2.11     34.117.188.166
Dec 20, 2024 16:57:10.403808117 CET  443          49742      34.117.188.166   192.168.2.11
Dec 20, 2024 16:57:10.403968096 CET  49742        443        192.168.2.11     34.117.188.166
Dec 20, 2024 16:57:10.479801893 CET  80           49754      34.107.221.82    192.168.2.11
Dec 20, 2024 16:57:10.480050087 CET  49754        80         192.168.2.11     34.107.221.82
Dec 20, 2024 16:57:10.480146885 CET  49754        80         192.168.2.11     34.107.221.82
Dec 20, 2024 16:57:10.489289999 CET  49755        443        192.168.2.11     34.117.188.166
Dec 20, 2024 16:57:10.489336014 CET  443          49755      34.117.188.166   192.168.2.11
Dec 20, 2024 16:57:10.497819901 CET  49755        443        192.168.2.11     34.117.188.166
Dec 20, 2024 16:57:10.499972105 CET  49755        443        192.168.2.11     34.117.188.166
Dec 20, 2024 16:57:10.499990940 CET  443          49755      34.117.188.166   192.168.2.11
Dec 20, 2024 16:57:10.537909031 CET  49756        443        192.168.2.11     34.107.243.93
Dec 20, 2024 16:57:10.537960052 CET  443          49756      34.107.243.93    192.168.2.11
Dec 20, 2024 16:57:10.538682938 CET  49756        443        192.168.2.11     34.107.243.93
Dec 20, 2024 16:57:10.540427923 CET  49756        443        192.168.2.11     34.107.243.93
Dec 20, 2024 16:57:10.540443897 CET  443          49756      34.107.243.93    192.168.2.11
Dec 20, 2024 16:57:10.599699020 CET  80           49754      34.107.221.82    192.168.2.11
Dec 20, 2024 16:57:10.781622887 CET  443          49745      35.244.181.201   192.168.2.11
Dec 20, 2024 16:57:10.781640053 CET  443          49745      35.244.181.201   192.168.2.11
Dec 20, 2024 16:57:10.781706095 CET  49745        443        192.168.2.11     35.244.181.201
Dec 20, 2024 16:57:10.783725023 CET  443          49746      34.160.144.191   192.168.2.11
Dec 20, 2024 16:57:10.783744097 CET  443          49746      34.160.144.191   192.168.2.11
Dec 20, 2024 16:57:10.785303116 CET  49745        443        192.168.2.11     35.244.181.201
Dec 20, 2024 16:57:10.785310030 CET  443          49745      35.244.181.201   192.168.2.11
Dec 20, 2024 16:57:10.785630941 CET  443          49745      35.244.181.201   192.168.2.11
Dec 20, 2024 16:57:10.785665989 CET  49746        443        192.168.2.11     34.160.144.191
Dec 20, 2024 16:57:10.788192987 CET  49746        443        192.168.2.11     34.160.144.191
Dec 20, 2024 16:57:10.788203001 CET  443          49746      34.160.144.191   192.168.2.11
Dec 20, 2024 16:57:10.788923025 CET  443          49746      34.160.144.191   192.168.2.11
Dec 20, 2024 16:57:10.791070938 CET  49745        443        192.168.2.11     35.244.181.201
Dec 20, 2024 16:57:10.791186094 CET  49745        443        192.168.2.11     35.244.181.201
Dec 20, 2024 16:57:10.791246891 CET  443          49745      35.244.181.201   192.168.2.11
Dec 20, 2024 16:57:10.791280031 CET  49746        443        192.168.2.11     34.160.144.191
Dec 20, 2024 16:57:10.791332006 CET  49746        443        192.168.2.11     34.160.144.191
Dec 20, 2024 16:57:10.791426897 CET  49745        443        192.168.2.11     35.244.181.201
Dec 20, 2024 16:57:10.791496038 CET  443          49746      34.160.144.191   192.168.2.11
Dec 20, 2024 16:57:10.791619062 CET  49746        443        192.168.2.11     34.160.144.191
Dec 20, 2024 16:57:10.889270067 CET  80           49749      34.107.221.82    192.168.2.11
Dec 20, 2024 16:57:10.902374983 CET  49749        80         192.168.2.11     34.107.221.82
Dec 20, 2024 16:57:10.993369102 CET  49758        443        192.168.2.11     34.120.208.123
Dec 20, 2024 16:57:10.993396997 CET  443          49758      34.120.208.123   192.168.2.11
Dec 20, 2024 16:57:10.996690989 CET  49758        443        192.168.2.11     34.120.208.123
Dec 20, 2024 16:57:10.998300076 CET  49758        443        192.168.2.11     34.120.208.123
Dec 20, 2024 16:57:10.998315096 CET  443          49758      34.120.208.123   192.168.2.11
Dec 20, 2024 16:57:11.000648022 CET  49759        443        192.168.2.11     35.244.181.201
Dec 20, 2024 16:57:11.000695944 CET  443          49759      35.244.181.201   192.168.2.11
Dec 20, 2024 16:57:11.002393007 CET  49759        443        192.168.2.11     35.244.181.201
Dec 20, 2024 16:57:11.002512932 CET  49759        443        192.168.2.11     35.244.181.201
Dec 20, 2024 16:57:11.002525091 CET  443          49759      35.244.181.201   192.168.2.11
Dec 20, 2024 16:57:11.022344112 CET  80           49749      34.107.221.82    192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.028888941 CET49760443192.168.2.1134.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.028920889 CET4434976034.149.100.209192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.029217005 CET4974980192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.029266119 CET49760443192.168.2.1134.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.030673981 CET49760443192.168.2.1134.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.030687094 CET4434976034.149.100.209192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.266736984 CET44349747142.250.181.110192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.266752005 CET44349747142.250.181.110192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.266943932 CET49747443192.168.2.11142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.267515898 CET44349747142.250.181.110192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.267801046 CET49747443192.168.2.11142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.367278099 CET4434975334.117.188.166192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.373718023 CET49753443192.168.2.1134.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.402458906 CET49747443192.168.2.11142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.402478933 CET44349747142.250.181.110192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.402740955 CET44349747142.250.181.110192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.402761936 CET49747443192.168.2.11142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.402769089 CET44349747142.250.181.110192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.405342102 CET49753443192.168.2.1134.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.405364990 CET4434975334.117.188.166192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.405376911 CET49753443192.168.2.1134.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.405520916 CET4434975334.117.188.166192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.408878088 CET49753443192.168.2.1134.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.408946037 CET49747443192.168.2.11142.250.181.110
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.583812952 CET804975434.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.586086988 CET4975480192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.628173113 CET4976280192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.706212997 CET804975434.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.709258080 CET4975480192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.721510887 CET4434975534.117.188.166192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.721528053 CET4434975534.117.188.166192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.724370003 CET49755443192.168.2.1134.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.733650923 CET49755443192.168.2.1134.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.733673096 CET4434975534.117.188.166192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.733726978 CET49755443192.168.2.1134.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.733867884 CET4434975534.117.188.166192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.734103918 CET49755443192.168.2.1134.117.188.166
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.747936964 CET804976234.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.748008013 CET4976280192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.748146057 CET4976280192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.756863117 CET4434975634.107.243.93192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.756943941 CET49756443192.168.2.1134.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.761706114 CET49756443192.168.2.1134.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.761715889 CET4434975634.107.243.93192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.761785984 CET49756443192.168.2.1134.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.761861086 CET4434975634.107.243.93192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.763384104 CET49756443192.168.2.1134.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.867825031 CET804976234.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:12.310127974 CET4434975935.244.181.201192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:12.310208082 CET49759443192.168.2.1135.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:12.312815905 CET49759443192.168.2.1135.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:12.312822104 CET4434975935.244.181.201192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:12.313046932 CET4434975935.244.181.201192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:12.314611912 CET4434975834.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:12.314958096 CET49759443192.168.2.1135.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:12.315037012 CET49759443192.168.2.1135.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:12.315082073 CET4434975935.244.181.201192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:12.315171957 CET49759443192.168.2.1135.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:12.315182924 CET49758443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:12.321784973 CET4434976034.149.100.209192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:12.322124958 CET49760443192.168.2.1134.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:12.342164040 CET49758443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:12.342184067 CET4434975834.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:12.342250109 CET49758443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:12.342330933 CET4434975834.120.208.123192.168.2.11
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 20, 2024 16:57:12.342382908 CET | 49760 | 443 | 192.168.2.11 | 34.149.100.209
Dec 20, 2024 16:57:12.342405081 CET | 443 | 49760 | 34.149.100.209 | 192.168.2.11
Dec 20, 2024 16:57:12.342423916 CET | 49760 | 443 | 192.168.2.11 | 34.149.100.209
Dec 20, 2024 16:57:12.342533112 CET | 49758 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:57:12.342535019 CET | 443 | 49760 | 34.149.100.209 | 192.168.2.11
Dec 20, 2024 16:57:12.342746973 CET | 49760 | 443 | 192.168.2.11 | 34.149.100.209
Dec 20, 2024 16:57:12.879873991 CET | 80 | 49762 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:57:12.930430889 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:57:14.911935091 CET | 49773 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:57:14.941884041 CET | 49774 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:57:14.941920996 CET | 443 | 49774 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:57:14.948299885 CET | 49775 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:57:14.948348999 CET | 443 | 49775 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:57:14.948523045 CET | 49774 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:57:14.948672056 CET | 49775 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:57:14.948674917 CET | 49774 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:57:14.948688030 CET | 443 | 49774 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:57:14.948797941 CET | 49775 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:57:14.948816061 CET | 443 | 49775 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:57:14.962898016 CET | 49776 | 443 | 192.168.2.11 | 34.149.100.209
Dec 20, 2024 16:57:14.962924957 CET | 443 | 49776 | 34.149.100.209 | 192.168.2.11
Dec 20, 2024 16:57:14.964000940 CET | 49776 | 443 | 192.168.2.11 | 34.149.100.209
Dec 20, 2024 16:57:14.965842962 CET | 49776 | 443 | 192.168.2.11 | 34.149.100.209
Dec 20, 2024 16:57:14.965853930 CET | 443 | 49776 | 34.149.100.209 | 192.168.2.11
Dec 20, 2024 16:57:15.031512976 CET | 80 | 49773 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:57:15.032490969 CET | 49773 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:57:15.032691002 CET | 49773 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:57:15.147305965 CET | 49778 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:57:15.147361994 CET | 443 | 49778 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:57:15.147643089 CET | 49778 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:57:15.152595997 CET | 80 | 49773 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:57:15.155114889 CET | 49778 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:57:15.155143976 CET | 443 | 49778 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:57:16.163435936 CET | 80 | 49773 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:57:16.181282043 CET | 443 | 49774 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:57:16.181298018 CET | 443 | 49774 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:57:16.182266951 CET | 443 | 49775 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:57:16.185422897 CET | 443 | 49776 | 34.149.100.209 | 192.168.2.11
Dec 20, 2024 16:57:16.187011957 CET | 49774 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:57:16.187071085 CET | 49775 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:57:16.187606096 CET | 49776 | 443 | 192.168.2.11 | 34.149.100.209
Dec 20, 2024 16:57:16.189914942 CET | 49774 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:57:16.189923048 CET | 443 | 49774 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:57:16.190207958 CET | 443 | 49774 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:57:16.192321062 CET | 49775 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:57:16.192337990 CET | 443 | 49775 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:57:16.192672968 CET | 443 | 49775 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:57:16.197633028 CET | 49774 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:57:16.197726011 CET | 49774 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:57:16.197844028 CET | 443 | 49774 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:57:16.197844982 CET | 49775 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:57:16.197892904 CET | 49775 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:57:16.198030949 CET | 443 | 49775 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:57:16.198112011 CET | 49776 | 443 | 192.168.2.11 | 34.149.100.209
Dec 20, 2024 16:57:16.198121071 CET | 443 | 49776 | 34.149.100.209 | 192.168.2.11
Dec 20, 2024 16:57:16.198163033 CET | 49776 | 443 | 192.168.2.11 | 34.149.100.209
Dec 20, 2024 16:57:16.198297977 CET | 443 | 49776 | 34.149.100.209 | 192.168.2.11
Dec 20, 2024 16:57:16.198328018 CET | 49774 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:57:16.198339939 CET | 49775 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:57:16.201282978 CET | 49776 | 443 | 192.168.2.11 | 34.149.100.209
Dec 20, 2024 16:57:16.221407890 CET | 49773 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:57:16.385576010 CET | 443 | 49778 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:57:16.385653973 CET | 49778 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:57:16.391415119 CET | 49778 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:57:16.391433001 CET | 443 | 49778 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:57:16.391521931 CET | 49778 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:57:16.391604900 CET | 443 | 49778 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:57:16.391697884 CET | 49778 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:57:20.255134106 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:57:20.374722004 CET | 80 | 49762 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:57:20.569936991 CET | 49773 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:57:20.581140041 CET | 80 | 49762 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:57:20.620836020 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:57:20.640177011 CET | 49791 | 443 | 192.168.2.11 | 34.107.243.93
Dec 20, 2024 16:57:20.640233994 CET | 443 | 49791 | 34.107.243.93 | 192.168.2.11
Dec 20, 2024 16:57:20.640963078 CET | 49791 | 443 | 192.168.2.11 | 34.107.243.93
Dec 20, 2024 16:57:20.642054081 CET | 49791 | 443 | 192.168.2.11 | 34.107.243.93
Dec 20, 2024 16:57:20.642072916 CET | 443 | 49791 | 34.107.243.93 | 192.168.2.11
Dec 20, 2024 16:57:20.689503908 CET | 80 | 49773 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:57:20.727955103 CET | 49792 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:57:20.728003979 CET | 443 | 49792 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:57:20.728087902 CET | 49792 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:57:20.728176117 CET | 49793 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:57:20.728209972 CET | 443 | 49793 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:57:20.728307009 CET | 49792 | 443 | 192.168.2.11 | 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.728322983 CET4434979234.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.728339911 CET49793443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.730811119 CET49793443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.730829954 CET4434979334.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.886969090 CET804977334.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.937378883 CET4977380192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:21.852996111 CET4434979134.107.243.93192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:21.854131937 CET49791443192.168.2.1134.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:21.857593060 CET49791443192.168.2.1134.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:21.857593060 CET49791443192.168.2.1134.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:21.857608080 CET4434979134.107.243.93192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:21.857775927 CET4434979134.107.243.93192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:21.857933044 CET49791443192.168.2.1134.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:21.938982964 CET4434979234.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:21.939059019 CET49792443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:21.940078020 CET4434979334.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:21.940339088 CET49793443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:21.942264080 CET49792443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:21.942282915 CET4434979234.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:21.942504883 CET4434979234.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:21.946968079 CET49792443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:21.947071075 CET49792443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:21.947078943 CET4434979234.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:21.947185993 CET49793443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:21.947195053 CET4434979334.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:21.947252035 CET49793443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:21.947341919 CET4434979334.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:21.947395086 CET49792443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:21.947515011 CET49793443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:22.669351101 CET49799443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:22.669406891 CET4434979934.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:22.670964956 CET49799443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:22.671017885 CET49799443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:22.671026945 CET4434979934.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:23.287781000 CET4976280192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:23.407371998 CET804976234.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:23.440700054 CET4977380192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:23.561805010 CET804977334.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:23.602511883 CET804976234.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:23.645461082 CET4976280192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:23.755848885 CET804977334.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:23.808286905 CET4977380192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:23.882997990 CET4434979934.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:23.884352922 CET49799443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:23.970974922 CET49799443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:23.970994949 CET4434979934.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:23.971405029 CET4434979934.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:23.973642111 CET49799443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:23.973730087 CET49799443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:23.974024057 CET4434979934.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:23.974085093 CET49799443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:24.034743071 CET4976280192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:24.088614941 CET4977380192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:24.154320955 CET804976234.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:24.208451033 CET804977334.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:24.349056005 CET804976234.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:24.394402027 CET4976280192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:24.403081894 CET804977334.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:24.447825909 CET4977380192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:25.018627882 CET4976280192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:25.138174057 CET804976234.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:25.332284927 CET804976234.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:25.381761074 CET4976280192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:33.364011049 CET49823443192.168.2.1134.107.243.93
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:33.364065886 CET4434982334.107.243.93192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.416858912 CET49832443192.168.2.1135.201.103.21
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.423866987 CET44349833151.101.1.91192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.424040079 CET49833443192.168.2.11151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.427429914 CET49833443192.168.2.11151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.427437067 CET44349833151.101.1.91192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.427639961 CET44349833151.101.1.91192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.429739952 CET49833443192.168.2.11151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.429828882 CET49833443192.168.2.11151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.429902077 CET44349833151.101.1.91192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.430176020 CET49833443192.168.2.11151.101.1.91
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.430212021 CET4976280192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.437535048 CET49839443192.168.2.1134.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.437562943 CET4434983934.149.100.209192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.437756062 CET49839443192.168.2.1134.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.437859058 CET49839443192.168.2.1134.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.437865973 CET4434983934.149.100.209192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.439620972 CET49840443192.168.2.1135.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.439640999 CET4434984035.244.181.201192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.439960003 CET49840443192.168.2.1135.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.440053940 CET49840443192.168.2.1135.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.440064907 CET4434984035.244.181.201192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.441963911 CET49841443192.168.2.1135.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.442008972 CET4434984135.244.181.201192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.442486048 CET49841443192.168.2.1135.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.442612886 CET49841443192.168.2.1135.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.442626953 CET4434984135.244.181.201192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.444417953 CET49842443192.168.2.1135.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.444427013 CET4434984235.244.181.201192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.444751978 CET49842443192.168.2.1135.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.444845915 CET49842443192.168.2.1135.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.444850922 CET4434984235.244.181.201192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.577584028 CET804982834.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.580893993 CET4976280192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.630768061 CET4982880192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.700651884 CET804976234.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.896656036 CET804976234.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.947274923 CET4976280192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.650398016 CET4434983934.149.100.209192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.650474072 CET49839443192.168.2.1134.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.653498888 CET49839443192.168.2.1134.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.653512955 CET4434983934.149.100.209192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.653810978 CET4434983934.149.100.209192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.655687094 CET49839443192.168.2.1134.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.655805111 CET49839443192.168.2.1134.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.655941010 CET4434983934.149.100.209192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.656110048 CET49839443192.168.2.1134.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.656131029 CET49839443192.168.2.1134.149.100.209
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.658979893 CET4982880192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.659794092 CET4434984035.244.181.201192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.660200119 CET49840443192.168.2.1135.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.660677910 CET4434984235.244.181.201192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.660770893 CET49842443192.168.2.1135.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.663146019 CET49840443192.168.2.1135.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.663170099 CET4434984035.244.181.201192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.663577080 CET4434984035.244.181.201192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.665632010 CET49842443192.168.2.1135.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.665649891 CET4434984235.244.181.201192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.665935040 CET4434984235.244.181.201192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.666606903 CET4434984135.244.181.201192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.667283058 CET49841443192.168.2.1135.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.669930935 CET49841443192.168.2.1135.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.669943094 CET4434984135.244.181.201192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.670254946 CET4434984135.244.181.201192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.671720982 CET49840443192.168.2.1135.244.181.201
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.671819925 CET49840443192.168.2.1135.244.181.201
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 20, 2024 16:57:37.671953917 CET | 443 | 49840 | 35.244.181.201 | 192.168.2.11
Dec 20, 2024 16:57:37.672051907 CET | 49842 | 443 | 192.168.2.11 | 35.244.181.201
Dec 20, 2024 16:57:37.672101974 CET | 49842 | 443 | 192.168.2.11 | 35.244.181.201
Dec 20, 2024 16:57:37.672223091 CET | 443 | 49842 | 35.244.181.201 | 192.168.2.11
Dec 20, 2024 16:57:37.674441099 CET | 49841 | 443 | 192.168.2.11 | 35.244.181.201
Dec 20, 2024 16:57:37.674498081 CET | 49841 | 443 | 192.168.2.11 | 35.244.181.201
Dec 20, 2024 16:57:37.674680948 CET | 443 | 49841 | 35.244.181.201 | 192.168.2.11
Dec 20, 2024 16:57:37.677906036 CET | 49840 | 443 | 192.168.2.11 | 35.244.181.201
Dec 20, 2024 16:57:37.677937984 CET | 49842 | 443 | 192.168.2.11 | 35.244.181.201
Dec 20, 2024 16:57:37.677938938 CET | 49841 | 443 | 192.168.2.11 | 35.244.181.201
Dec 20, 2024 16:57:37.778712988 CET | 80 | 49828 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:57:37.974355936 CET | 80 | 49828 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:57:37.977746964 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:57:38.019438982 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:57:38.097449064 CET | 80 | 49762 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:57:38.291585922 CET | 80 | 49762 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:57:38.335812092 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:57:47.980319977 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:57:48.100832939 CET | 80 | 49828 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:57:48.303539991 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:57:48.423157930 CET | 80 | 49762 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:57:50.963696003 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:57:51.083203077 CET | 80 | 49828 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:57:51.278594017 CET | 80 | 49828 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:57:51.281949997 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:57:51.328068018 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:57:51.401657104 CET | 80 | 49762 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:57:51.596261024 CET | 80 | 49762 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:57:51.644536018 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:57:54.820396900 CET | 49885 | 443 | 192.168.2.11 | 34.107.243.93
Dec 20, 2024 16:57:54.820451975 CET | 443 | 49885 | 34.107.243.93 | 192.168.2.11
Dec 20, 2024 16:57:54.820837021 CET | 49885 | 443 | 192.168.2.11 | 34.107.243.93
Dec 20, 2024 16:57:54.822251081 CET | 49885 | 443 | 192.168.2.11 | 34.107.243.93
Dec 20, 2024 16:57:54.822273970 CET | 443 | 49885 | 34.107.243.93 | 192.168.2.11
Dec 20, 2024 16:57:56.039058924 CET | 443 | 49885 | 34.107.243.93 | 192.168.2.11
Dec 20, 2024 16:57:56.039154053 CET | 49885 | 443 | 192.168.2.11 | 34.107.243.93
Dec 20, 2024 16:57:56.043735027 CET | 49885 | 443 | 192.168.2.11 | 34.107.243.93
Dec 20, 2024 16:57:56.043761969 CET | 443 | 49885 | 34.107.243.93 | 192.168.2.11
Dec 20, 2024 16:57:56.043885946 CET | 49885 | 443 | 192.168.2.11 | 34.107.243.93
Dec 20, 2024 16:57:56.044028997 CET | 443 | 49885 | 34.107.243.93 | 192.168.2.11
Dec 20, 2024 16:57:56.044090033 CET | 49885 | 443 | 192.168.2.11 | 34.107.243.93
Dec 20, 2024 16:57:56.046907902 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:57:56.166522026 CET | 80 | 49828 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:57:56.361845016 CET | 80 | 49828 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:57:56.365458965 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:57:56.403425932 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:57:56.485292912 CET | 80 | 49762 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:57:56.682032108 CET | 80 | 49762 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:57:56.735604048 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:58:04.905297995 CET | 49911 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:58:04.905338049 CET | 443 | 49911 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:58:04.906831026 CET | 49911 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:58:04.906984091 CET | 49911 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:58:04.906996012 CET | 443 | 49911 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:58:04.915369987 CET | 49912 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:58:04.915406942 CET | 443 | 49912 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:58:04.916271925 CET | 49913 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:58:04.916306973 CET | 443 | 49913 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:58:04.917355061 CET | 49914 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:58:04.917367935 CET | 443 | 49914 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:58:04.918140888 CET | 49912 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:58:04.918159962 CET | 49913 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:58:04.918163061 CET | 49914 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:58:04.918288946 CET | 49912 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:58:04.918298960 CET | 443 | 49912 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:58:04.918530941 CET | 49913 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:58:04.918543100 CET | 443 | 49913 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:58:04.918653011 CET | 49914 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:58:04.918661118 CET | 443 | 49914 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:58:04.933274984 CET | 49915 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:58:04.933299065 CET | 443 | 49915 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:58:04.933532000 CET | 49916 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:58:04.933568001 CET | 443 | 49916 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:58:04.934142113 CET | 49915 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:58:04.934288025 CET | 49916 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:58:04.934288025 CET | 49915 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:58:04.934294939 CET | 443 | 49915 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:58:04.934425116 CET | 49916 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:58:04.934433937 CET | 443 | 49916 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:58:06.136907101 CET | 443 | 49912 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:58:06.137850046 CET | 443 | 49911 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:58:06.139478922 CET | 443 | 49913 | 34.120.208.123 | 192.168.2.11
Dec 20, 2024 16:58:06.139911890 CET | 49913 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:58:06.139914989 CET | 49911 | 443 | 192.168.2.11 | 34.120.208.123
Dec 20, 2024 16:58:06.139933109 CET | 49912 | 443 | 192.168.2.11 | 34.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.140707016 CET4434991434.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.140820026 CET49914443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.142944098 CET49912443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.142956018 CET4434991234.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.143248081 CET4434991234.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.145467043 CET49911443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.145478964 CET4434991134.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.145740986 CET4434991134.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.147845030 CET49913443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.147855043 CET4434991334.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.148240089 CET4434991334.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.150394917 CET49914443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.150408983 CET4434991434.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.150748968 CET4434991434.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.155354023 CET49912443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.155558109 CET49912443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.155646086 CET49911443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.155716896 CET49911443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.155811071 CET4434991234.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.155824900 CET4434991134.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.155999899 CET49913443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.156061888 CET49913443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.156239986 CET4434991334.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.156400919 CET49914443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.156466007 CET49914443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.156610966 CET4434991434.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.156670094 CET49912443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.156687021 CET49911443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.156708002 CET49913443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.156752110 CET49914443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.159651041 CET4982880192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.161523104 CET4434991534.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.161669016 CET49915443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.163368940 CET4434991634.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.164819956 CET49915443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.164832115 CET4434991534.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.165009022 CET49916443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.165111065 CET4434991534.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.167103052 CET49916443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.167135000 CET4434991634.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.167424917 CET4434991634.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.169946909 CET49915443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.170064926 CET49915443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.170150042 CET4434991534.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.170317888 CET49916443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.170381069 CET49916443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.170499086 CET4434991634.120.208.123192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.170566082 CET49915443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.170717001 CET49916443192.168.2.1134.120.208.123
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.280565023 CET804982834.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.476488113 CET804982834.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.481098890 CET4976280192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.517431021 CET4982880192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.600871086 CET804976234.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.797393084 CET804976234.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.849536896 CET4976280192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:16.492214918 CET4982880192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:16.611975908 CET804982834.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:16.815396070 CET4976280192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:16.935555935 CET804976234.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:26.622160912 CET4982880192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:26.741909981 CET804982834.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:26.945307016 CET4976280192.168.2.1134.107.221.82
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:27.065074921 CET804976234.107.221.82192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:36.653229952 CET49986443192.168.2.1134.107.243.93
Dec 20, 2024 16:58:36.653311014 CET | 443 | 49986 | 34.107.243.93 | 192.168.2.11
Dec 20, 2024 16:58:36.654212952 CET | 49986 | 443 | 192.168.2.11 | 34.107.243.93
Dec 20, 2024 16:58:36.659985065 CET | 49986 | 443 | 192.168.2.11 | 34.107.243.93
Dec 20, 2024 16:58:36.660005093 CET | 443 | 49986 | 34.107.243.93 | 192.168.2.11
Dec 20, 2024 16:58:36.752945900 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:58:36.873317003 CET | 80 | 49828 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:58:37.075973988 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:58:37.199281931 CET | 80 | 49762 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:58:37.906409025 CET | 443 | 49986 | 34.107.243.93 | 192.168.2.11
Dec 20, 2024 16:58:37.906678915 CET | 49986 | 443 | 192.168.2.11 | 34.107.243.93
Dec 20, 2024 16:58:37.912084103 CET | 49986 | 443 | 192.168.2.11 | 34.107.243.93
Dec 20, 2024 16:58:37.912107944 CET | 443 | 49986 | 34.107.243.93 | 192.168.2.11
Dec 20, 2024 16:58:37.912189007 CET | 49986 | 443 | 192.168.2.11 | 34.107.243.93
Dec 20, 2024 16:58:37.912276983 CET | 443 | 49986 | 34.107.243.93 | 192.168.2.11
Dec 20, 2024 16:58:37.913029909 CET | 49986 | 443 | 192.168.2.11 | 34.107.243.93
Dec 20, 2024 16:58:37.914794922 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:58:38.035336971 CET | 80 | 49828 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:58:38.255429029 CET | 80 | 49828 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:58:38.259023905 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:58:38.310765982 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:58:38.379801035 CET | 80 | 49762 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:58:38.580199957 CET | 80 | 49762 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:58:38.627229929 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:58:48.269732952 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:58:48.389360905 CET | 80 | 49828 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:58:48.586260080 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:58:48.705939054 CET | 80 | 49762 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:58:58.399597883 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:58:58.519171953 CET | 80 | 49828 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:58:58.716142893 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:58:58.835722923 CET | 80 | 49762 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:59:08.526519060 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:59:08.646409988 CET | 80 | 49828 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:59:08.843061924 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:59:08.962755919 CET | 80 | 49762 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:59:18.655880928 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:59:18.775777102 CET | 80 | 49828 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:59:18.972383976 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:59:19.092529058 CET | 80 | 49762 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:59:28.787039042 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:59:28.906713009 CET | 80 | 49828 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:59:29.103610992 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:59:29.223727942 CET | 80 | 49762 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:59:38.916887045 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:59:39.036751032 CET | 80 | 49828 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:59:39.233499050 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:59:39.353404999 CET | 80 | 49762 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:59:49.046147108 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:59:49.166330099 CET | 80 | 49828 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:59:49.362643957 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:59:49.482299089 CET | 80 | 49762 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:59:58.293631077 CET | 50033 | 443 | 192.168.2.11 | 34.107.243.93
Dec 20, 2024 16:59:58.293674946 CET | 443 | 50033 | 34.107.243.93 | 192.168.2.11
Dec 20, 2024 16:59:58.294507980 CET | 50033 | 443 | 192.168.2.11 | 34.107.243.93
Dec 20, 2024 16:59:58.296720028 CET | 50033 | 443 | 192.168.2.11 | 34.107.243.93
Dec 20, 2024 16:59:58.296744108 CET | 443 | 50033 | 34.107.243.93 | 192.168.2.11
Dec 20, 2024 16:59:59.176136971 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:59:59.295972109 CET | 80 | 49828 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:59:59.492713928 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:59:59.566050053 CET | 443 | 50033 | 34.107.243.93 | 192.168.2.11
Dec 20, 2024 16:59:59.566442013 CET | 50033 | 443 | 192.168.2.11 | 34.107.243.93
Dec 20, 2024 16:59:59.572499990 CET | 50033 | 443 | 192.168.2.11 | 34.107.243.93
Dec 20, 2024 16:59:59.572531939 CET | 443 | 50033 | 34.107.243.93 | 192.168.2.11
Dec 20, 2024 16:59:59.572679043 CET | 50033 | 443 | 192.168.2.11 | 34.107.243.93
Dec 20, 2024 16:59:59.572760105 CET | 443 | 50033 | 34.107.243.93 | 192.168.2.11
Dec 20, 2024 16:59:59.572967052 CET | 50033 | 443 | 192.168.2.11 | 34.107.243.93
Dec 20, 2024 16:59:59.576417923 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:59:59.612596035 CET | 80 | 49762 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:59:59.732265949 CET | 80 | 49828 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:59:59.927750111 CET | 80 | 49828 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:59:59.932564020 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:59:59.978657007 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 17:00:00.052354097 CET | 80 | 49762 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 17:00:00.246424913 CET | 80 | 49762 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 17:00:00.295245886 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
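The two HTTP connections to 34.107.221.82 above (client ports 49828 and 49762) each send a packet roughly every ten seconds once the initial exchange is over, which is the timing signature an analyst looks for when deciding whether a sample is beaconing. The Python below is an added example, not part of the Joe Sandbox report or its detection engine: it parses a subset of the rows copied from the table above, in the pipe-separated "Timestamp | Source Port | Dest Port | Source IP | Dest IP" form, and flags client-originated flows whose inter-packet gaps cluster around a single period. The thresholds (minimum period 1 s, at least 5 regular gaps, 15% tolerance) and the 192.168. internal-network prefix are assumptions chosen for this example.

```python
import statistics
from collections import defaultdict
from datetime import datetime
from typing import NamedTuple

# Rows copied from the TCP packet table above (pipe-separated form): the client
# side of the two HTTP flows and of one TLS flow, plus one server reply to show
# that find_beacons() only scores client-originated packets.
LOG = """
Dec 20, 2024 16:58:36.654212952 CET | 49986 | 443 | 192.168.2.11 | 34.107.243.93
Dec 20, 2024 16:58:36.659985065 CET | 49986 | 443 | 192.168.2.11 | 34.107.243.93
Dec 20, 2024 16:58:36.752945900 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:58:36.873317003 CET | 80 | 49828 | 34.107.221.82 | 192.168.2.11
Dec 20, 2024 16:58:37.075973988 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:58:37.906678915 CET | 49986 | 443 | 192.168.2.11 | 34.107.243.93
Dec 20, 2024 16:58:37.912084103 CET | 49986 | 443 | 192.168.2.11 | 34.107.243.93
Dec 20, 2024 16:58:37.912189007 CET | 49986 | 443 | 192.168.2.11 | 34.107.243.93
Dec 20, 2024 16:58:37.913029909 CET | 49986 | 443 | 192.168.2.11 | 34.107.243.93
Dec 20, 2024 16:58:37.914794922 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:58:38.259023905 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:58:38.310765982 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:58:38.627229929 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:58:48.269732952 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:58:48.586260080 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:58:58.399597883 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:58:58.716142893 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:59:08.526519060 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:59:08.843061924 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:59:18.655880928 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:59:18.972383976 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:59:28.787039042 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:59:29.103610992 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:59:38.916887045 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:59:39.233499050 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:59:49.046147108 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:59:49.362643957 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:59:59.176136971 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:59:59.492713928 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:59:59.576417923 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:59:59.932564020 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 16:59:59.978657007 CET | 49828 | 80 | 192.168.2.11 | 34.107.221.82
Dec 20, 2024 17:00:00.295245886 CET | 49762 | 80 | 192.168.2.11 | 34.107.221.82
"""

EPOCH = datetime(1970, 1, 1)

# ts is seconds since EPOCH as a float; only differences between packets are used.
Packet = NamedTuple("Packet", [("ts", float), ("src_port", int), ("dst_port", int),
                               ("src_ip", str), ("dst_ip", str)])
# flow is (src_ip, src_port, dst_ip, dst_port) of the client-originated side.
Beacon = NamedTuple("Beacon", [("flow", tuple), ("period_s", float),
                               ("regular_gaps", int), ("total_gaps", int)])


def parse_packets(text):
    """Parse 'Timestamp | Source Port | Dest Port | Source IP | Dest IP' rows."""
    packets = []
    for line in text.strip().splitlines():
        fields = [f.strip() for f in line.split("|")]
        if len(fields) != 5:
            continue  # header or blank line
        # Nine fractional digits exceed what strptime's %f accepts, so the
        # fraction is split off and converted to seconds by hand.
        whole, frac = fields[0].rsplit(" ", 1)[0].split(".")
        secs = (datetime.strptime(whole, "%b %d, %Y %H:%M:%S") - EPOCH).total_seconds()
        secs += int(frac[:9].ljust(9, "0")) / 1e9
        packets.append(Packet(secs, int(fields[1]), int(fields[2]), fields[3], fields[4]))
    return packets


def find_beacons(packets, internal_prefix="192.168.", min_period=1.0,
                 min_intervals=5, tolerance=0.15):
    """Flag client-originated flows whose inter-packet gaps cluster around one
    period. The thresholds are assumptions for this example, not tuned values."""
    flows = defaultdict(list)
    for p in packets:
        if p.src_ip.startswith(internal_prefix) and not p.dst_ip.startswith(internal_prefix):
            flows[(p.src_ip, p.src_port, p.dst_ip, p.dst_port)].append(p.ts)
    hits = []
    for flow, times in sorted(flows.items()):
        times.sort()
        gaps = [b - a for a, b in zip(times, times[1:])]
        if len(gaps) < min_intervals:
            continue  # too few samples to call anything periodic
        period = statistics.median(gaps)
        if period < min_period:
            continue  # sub-second bursts are request/response chatter, not a timer
        regular = sum(1 for g in gaps if abs(g - period) <= tolerance * period)
        if regular >= min_intervals:
            hits.append(Beacon(flow, round(period, 2), regular, len(gaps)))
    return hits


if __name__ == "__main__":
    for hit in find_beacons(parse_packets(LOG)):
        src_ip, src_port, dst_ip, dst_port = hit.flow
        print(f"{src_ip}:{src_port} -> {dst_ip}:{dst_port} every ~{hit.period_s}s "
              f"({hit.regular_gaps}/{hit.total_gaps} gaps within tolerance)")
```

Run against these rows, both HTTP flows are reported with a period of about 10.13 s and 8 of 12 gaps inside the tolerance band; the four gaps that fall outside are the initial request/response burst and the final burst at 16:59:59, which is why the check uses the median rather than the mean and only requires a majority of regular gaps. The TLS flow on port 49986 is rejected by the minimum-period gate because its packets are milliseconds apart.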
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Dec 20, 2024 16:57:07.022804976 CET | 52043 | 53 | 192.168.2.11 | 1.1.1.1
Dec 20, 2024 16:57:07.160387039 CET | 53 | 52043 | 1.1.1.1 | 192.168.2.11
Dec 20, 2024 16:57:07.161194086 CET | 62098 | 53 | 192.168.2.11 | 1.1.1.1
Dec 20, 2024 16:57:07.298739910 CET | 53 | 62098 | 1.1.1.1 | 192.168.2.11
Dec 20, 2024 16:57:07.431837082 CET | 55010 | 53 | 192.168.2.11 | 1.1.1.1
Dec 20, 2024 16:57:07.432137966 CET | 57858 | 53 | 192.168.2.11 | 1.1.1.1
Dec 20, 2024 16:57:07.569592953 CET | 53 | 57858 | 1.1.1.1 | 192.168.2.11
Dec 20, 2024 16:57:07.577341080 CET | 56116 | 53 | 192.168.2.11 | 1.1.1.1
Dec 20, 2024 16:57:07.582062960 CET | 62515 | 53 | 192.168.2.11 | 1.1.1.1
Dec 20, 2024 16:57:07.714672089 CET | 53 | 56116 | 1.1.1.1 | 192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:07.719281912 CET53625151.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:07.724963903 CET5185453192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:07.724965096 CET5622153192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:07.790720940 CET5555653192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:07.862750053 CET53562211.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:07.862942934 CET53518541.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:07.928169966 CET53555561.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:08.885051966 CET5285753192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:08.926175117 CET4982653192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.022043943 CET53528571.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.022847891 CET5883153192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.064527035 CET53498261.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.065989017 CET5536253192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.160579920 CET53588311.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.178484917 CET6516653192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.193165064 CET4963553192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.199249029 CET6195753192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.201075077 CET5090953192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.203378916 CET53553621.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.209949970 CET5352353192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.315610886 CET53651661.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.336381912 CET53619571.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.338140011 CET53509091.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.347583055 CET53535231.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.544198990 CET6365353192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.577971935 CET5764253192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.578176022 CET6244853192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.714708090 CET53576421.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.714989901 CET53624481.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.723764896 CET5811953192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.723989010 CET6382053192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.860665083 CET53581191.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.862946033 CET53638201.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.997466087 CET53545971.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:10.032006025 CET6548553192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:10.240470886 CET53654851.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:10.241466045 CET5604553192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:10.389887094 CET53560451.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:10.394695044 CET5079453192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:10.537126064 CET53507941.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:10.848208904 CET5434653192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:10.985229969 CET53543461.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:10.993530035 CET6202153192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.029146910 CET6135053192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.131505013 CET53620211.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.143284082 CET6425553192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.166378975 CET53613501.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.170444012 CET5793153192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.312875986 CET53579311.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.351814985 CET53642551.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:14.717655897 CET5975453192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:14.910994053 CET5192853192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:15.612981081 CET53597541.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:15.628503084 CET6128753192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:15.766729116 CET53612871.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:15.777637005 CET5368353192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:16.086399078 CET53536831.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.239114046 CET6026053192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.239413977 CET5749453192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.239679098 CET6046653192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.255006075 CET6168353192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.376760006 CET53602601.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.376791000 CET53604661.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.377265930 CET53574941.1.1.1192.168.2.11
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.424985886 CET5711153192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.425345898 CET5042553192.168.2.111.1.1.1
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.426371098 CET5174453192.168.2.111.1.1.1
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.723989010 CET192.168.2.111.1.1.10x16d6Standard query (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:10.032006025 CET192.168.2.111.1.1.10x7bb0Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:10.241466045 CET192.168.2.111.1.1.10xcf6aStandard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:10.394695044 CET192.168.2.111.1.1.10xdc6fStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:10.848208904 CET192.168.2.111.1.1.10xaf1aStandard query (0)firefox.settings.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:10.993530035 CET192.168.2.111.1.1.10xf294Standard query (0)telemetry-incoming.r53-2.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.029146910 CET192.168.2.111.1.1.10xbdbbStandard query (0)prod.remote-settings.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.143284082 CET192.168.2.111.1.1.10x171cStandard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.170444012 CET192.168.2.111.1.1.10x4e9cStandard query (0)prod.remote-settings.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:14.717655897 CET192.168.2.111.1.1.10xd955Standard query (0)support.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:14.910994053 CET192.168.2.111.1.1.10x69d3Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:15.628503084 CET192.168.2.111.1.1.10xafceStandard query (0)us-west1.prod.sumo.prod.webservices.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:15.777637005 CET192.168.2.111.1.1.10x11f8Standard query (0)us-west1.prod.sumo.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.239114046 CET192.168.2.111.1.1.10x5187Standard query (0)www.youtube.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.239413977 CET192.168.2.111.1.1.10x5e06Standard query (0)www.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.239679098 CET192.168.2.111.1.1.10x75fcStandard query (0)www.wikipedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.255006075 CET192.168.2.111.1.1.10x774bStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.424985886 CET192.168.2.111.1.1.10x5119Standard query (0)dyna.wikimedia.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.425345898 CET192.168.2.111.1.1.10x85a0Standard query (0)youtube-ui.l.google.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.426371098 CET192.168.2.111.1.1.10xfae2Standard query (0)star-mini.c10r.facebook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.563278913 CET192.168.2.111.1.1.10xc10eStandard query (0)youtube-ui.l.google.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.564884901 CET192.168.2.111.1.1.10xd11dStandard query (0)dyna.wikimedia.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.566111088 CET192.168.2.111.1.1.10xad8bStandard query (0)star-mini.c10r.facebook.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.701071978 CET192.168.2.111.1.1.10x9f38Standard query (0)www.reddit.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.702748060 CET192.168.2.111.1.1.10xd2c6Standard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.704202890 CET192.168.2.111.1.1.10xec4aStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:21.301991940 CET192.168.2.111.1.1.10xc8c8Standard query (0)reddit.map.fastly.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:21.302475929 CET192.168.2.111.1.1.10xfe9aStandard query (0)twitter.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:21.304270029 CET192.168.2.111.1.1.10xea51Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:21.442758083 CET192.168.2.111.1.1.10x536aStandard query (0)twitter.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:21.520636082 CET192.168.2.111.1.1.10x6696Standard query (0)reddit.map.fastly.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:33.364397049 CET192.168.2.111.1.1.10x2f87Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:34.591764927 CET192.168.2.111.1.1.10xf21eStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:34.872071028 CET192.168.2.111.1.1.10xee5Standard query (0)prod.balrog.prod.cloudops.mozgcp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:34.893481970 CET192.168.2.111.1.1.10x307fStandard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:34.919437885 CET192.168.2.111.1.1.10x6cStandard query (0)normandy.cdn.mozilla.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:35.065980911 CET192.168.2.111.1.1.10x42f9Standard query (0)normandy-cdn.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:35.121920109 CET192.168.2.111.1.1.10x5fe6Standard query (0)prod.balrog.prod.cloudops.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:35.122288942 CET192.168.2.111.1.1.10xb612Standard query (0)services.addons.mozilla.orgA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:35.206108093 CET192.168.2.111.1.1.10xd576Standard query (0)normandy-cdn.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:35.263410091 CET192.168.2.111.1.1.10xfe69Standard query (0)services.addons.mozilla.org28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:54.820775986 CET192.168.2.111.1.1.10x7836Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:04.905807018 CET192.168.2.111.1.1.10xcf36Standard query (0)telemetry-incoming.r53-2.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:36.512641907 CET192.168.2.111.1.1.10xbef4Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:36.654217958 CET192.168.2.111.1.1.10xf9d9Standard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:37.915071011 CET192.168.2.111.1.1.10xca27Standard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:59:58.013767004 CET192.168.2.111.1.1.10xa201Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:59:58.153527021 CET192.168.2.111.1.1.10x94f2Standard query (0)push.services.mozilla.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:59:58.293329954 CET192.168.2.111.1.1.10x60fdStandard query (0)push.services.mozilla.com28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:59:59.576281071 CET192.168.2.111.1.1.10xedfdStandard query (0)detectportal.firefox.comA (IP address)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.203378916 CET1.1.1.1192.168.2.110x99d2No error (0)prod.ads.prod.webservices.mozgcp.net34.117.188.166A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.315610886 CET1.1.1.1192.168.2.110x434bNo error (0)content-signature-2.cdn.mozilla.netcontent-signature-chains.prod.autograph.services.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.315610886 CET1.1.1.1192.168.2.110x434bNo error (0)content-signature-chains.prod.autograph.services.mozaws.netprod.content-signature-chains.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.315610886 CET1.1.1.1192.168.2.110x434bNo error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.319586992 CET1.1.1.1192.168.2.110x6beaNo error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.319586992 CET1.1.1.1192.168.2.110x6beaNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.331089020 CET1.1.1.1192.168.2.110xe8ccNo error (0)shavar.services.mozilla.comshavar.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.336381912 CET1.1.1.1192.168.2.110x526No error (0)example.org93.184.215.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.338140011 CET1.1.1.1192.168.2.110x6896No error (0)ipv4only.arpa192.0.0.171A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.338140011 CET1.1.1.1192.168.2.110x6896No error (0)ipv4only.arpa192.0.0.170A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.682322979 CET1.1.1.1192.168.2.110x6477No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.682322979 CET1.1.1.1192.168.2.110x6477No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.714708090 CET1.1.1.1192.168.2.110xf5e3No error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.714989901 CET1.1.1.1192.168.2.110xe003No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net34.160.144.191A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.862946033 CET1.1.1.1192.168.2.110x16d6No error (0)prod.content-signature-chains.prod.webservices.mozgcp.net28IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:10.240470886 CET1.1.1.1192.168.2.110x7bb0No error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:10.389887094 CET1.1.1.1192.168.2.110xcf6aNo error (0)push.services.mozilla.com34.107.243.93A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:10.965718031 CET1.1.1.1192.168.2.110x9b79No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:10.985229969 CET1.1.1.1192.168.2.110xaf1aNo error (0)firefox.settings.services.mozilla.comprod.remote-settings.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:10.985229969 CET1.1.1.1192.168.2.110xaf1aNo error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:10.989221096 CET1.1.1.1192.168.2.110x372aNo error (0)balrog-aus5.r53-2.services.mozilla.comprod.balrog.prod.cloudops.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:10.989221096 CET1.1.1.1192.168.2.110x372aNo error (0)prod.balrog.prod.cloudops.mozgcp.net35.244.181.201A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.131505013 CET1.1.1.1192.168.2.110xf294No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:11.166378975 CET1.1.1.1192.168.2.110xbdbbNo error (0)prod.remote-settings.prod.webservices.mozgcp.net34.149.100.209A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:15.049351931 CET1.1.1.1192.168.2.110x69d3No error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:15.049351931 CET1.1.1.1192.168.2.110x69d3No error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:15.139705896 CET1.1.1.1192.168.2.110xfd88No error (0)telemetry-incoming.r53-2.services.mozilla.com34.120.208.123A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:15.612981081 CET1.1.1.1192.168.2.110xd955No error (0)support.mozilla.orgprod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:15.612981081 CET1.1.1.1192.168.2.110xd955No error (0)prod.sumo.prod.webservices.mozgcp.netus-west1.prod.sumo.prod.webservices.mozgcp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:15.612981081 CET1.1.1.1192.168.2.110xd955No error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:15.766729116 CET1.1.1.1192.168.2.110xafceNo error (0)us-west1.prod.sumo.prod.webservices.mozgcp.net34.149.128.2A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.376760006 CET1.1.1.1192.168.2.110x5187No error (0)www.youtube.comyoutube-ui.l.google.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.376760006 CET1.1.1.1192.168.2.110x5187No error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.376760006 CET1.1.1.1192.168.2.110x5187No error (0)youtube-ui.l.google.com142.250.181.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.376760006 CET1.1.1.1192.168.2.110x5187No error (0)youtube-ui.l.google.com216.58.208.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.376760006 CET1.1.1.1192.168.2.110x5187No error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.376760006 CET1.1.1.1192.168.2.110x5187No error (0)youtube-ui.l.google.com172.217.17.78A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.376760006 CET1.1.1.1192.168.2.110x5187No error (0)youtube-ui.l.google.com172.217.17.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.376760006 CET1.1.1.1192.168.2.110x5187No error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.376760006 CET1.1.1.1192.168.2.110x5187No error (0)youtube-ui.l.google.com142.250.181.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.376760006 CET1.1.1.1192.168.2.110x5187No error (0)youtube-ui.l.google.com172.217.19.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.376760006 CET1.1.1.1192.168.2.110x5187No error (0)youtube-ui.l.google.com142.250.181.46A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.376791000 CET1.1.1.1192.168.2.110x75fcNo error (0)www.wikipedia.orgdyna.wikimedia.orgCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.376791000 CET1.1.1.1192.168.2.110x75fcNo error (0)dyna.wikimedia.org185.15.58.224A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.377265930 CET1.1.1.1192.168.2.110x5e06No error (0)www.facebook.comstar-mini.c10r.facebook.comCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.377265930 CET1.1.1.1192.168.2.110x5e06No error (0)star-mini.c10r.facebook.com157.240.196.35A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.395097971 CET1.1.1.1192.168.2.110x774bNo error (0)detectportal.firefox.comdetectportal.prod.mozaws.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.395097971 CET1.1.1.1192.168.2.110x774bNo error (0)prod.detectportal.prod.cloudops.mozgcp.net34.107.221.82A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.562405109 CET1.1.1.1192.168.2.110x85a0No error (0)youtube-ui.l.google.com142.250.181.142A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.562405109 CET1.1.1.1192.168.2.110x85a0No error (0)youtube-ui.l.google.com216.58.208.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.562405109 CET1.1.1.1192.168.2.110x85a0No error (0)youtube-ui.l.google.com172.217.19.14A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.562405109 CET1.1.1.1192.168.2.110x85a0No error (0)youtube-ui.l.google.com172.217.19.206A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.562405109 CET1.1.1.1192.168.2.110x85a0No error (0)youtube-ui.l.google.com172.217.19.238A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                                                                      • detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                                                                                                                                                                      0192.168.2.114973734.107.221.82803764C:\Program Files\Mozilla Firefox\firefox.exe
                                                                                                                                                                                                                                                                                                                                                                      TimestampBytes transferredDirectionData
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:08.871790886 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:09.186229944 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Fri, 20 Dec 2024 10:15:34 GMT
    Age: 20495
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.11 | 49749 | 34.107.221.82 | 80 | 3764 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 16:57:09.804018974 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
Dec 20, 2024 16:57:10.889270067 CET | 216 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 8
    Via: 1.1 google
    Date: Fri, 20 Dec 2024 01:08:28 GMT
    Age: 53322
    Content-Type: text/plain
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 73 75 63 63 65 73 73 0a
    Data Ascii: success


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.11 | 49754 | 34.107.221.82 | 80 | 3764 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 16:57:10.480146885 CET | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Dec 20, 2024 16:57:11.583812952 CET | 298 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
    Date: Fri, 20 Dec 2024 10:15:34 GMT
    Age: 20497
    Content-Type: text/html
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
    Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.11 | 49762 | 34.107.221.82 | 80 | 3764 | C:\Program Files\Mozilla Firefox\firefox.exe

Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 16:57:11.748146057 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
Dec 20, 2024 16:57:12.879873991 CET | 216 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 8
    Via: 1.1 google
    Date: Fri, 20 Dec 2024 01:08:28 GMT
    Age: 53324
    Content-Type: text/plain
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 73 75 63 63 65 73 73 0a
    Data Ascii: success
Dec 20, 2024 16:57:20.255134106 CET | 305 | OUT | GET /success.txt?ipv4 HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Connection: keep-alive
    Pragma: no-cache
    Cache-Control: no-cache
Dec 20, 2024 16:57:20.581140041 CET | 216 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 8
    Via: 1.1 google
    Date: Fri, 20 Dec 2024 01:08:28 GMT
    Age: 53332
    Content-Type: text/plain
    Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
    Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:23.287781000 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:23.602511883 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Fri, 20 Dec 2024 01:08:28 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 53335
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:24.034743071 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:24.349056005 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Fri, 20 Dec 2024 01:08:28 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 53336
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:25.018627882 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:25.332284927 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Fri, 20 Dec 2024 01:08:28 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 53337
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:35.342526913 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.006757975 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.383925915 CET216INHTTP/1.1 200 OK
  Server: nginx
  Content-Length: 8
  Via: 1.1 google
  Date: Fri, 20 Dec 2024 01:08:28 GMT
  Age: 53348
  Content-Type: text/plain
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 73 75 63 63 65 73 73 0a
  Data Ascii: success
Dec 20, 2024 16:57:36.580893993 CET  305 bytes  OUT  GET /success.txt?ipv4 HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
Dec 20, 2024 16:57:36.896656036 CET  216 bytes  IN  HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 8
  Via: 1.1 google
  Date: Fri, 20 Dec 2024 01:08:28 GMT
  Age: 53348
  Content-Type: text/plain
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 73 75 63 63 65 73 73 0a
  Data Ascii: success
Dec 20, 2024 16:57:37.977746964 CET  305 bytes  OUT  GET /success.txt?ipv4 HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
Dec 20, 2024 16:57:38.291585922 CET  216 bytes  IN  HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 8
  Via: 1.1 google
  Date: Fri, 20 Dec 2024 01:08:28 GMT
  Age: 53350
  Content-Type: text/plain
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 73 75 63 63 65 73 73 0a
  Data Ascii: success
Dec 20, 2024 16:57:48.303539991 CET  6 bytes  OUT  Data Raw: 00
  Data Ascii:
Dec 20, 2024 16:57:51.281949997 CET  305 bytes  OUT  GET /success.txt?ipv4 HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
Dec 20, 2024 16:57:51.596261024 CET  216 bytes  IN  HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 8
  Via: 1.1 google
  Date: Fri, 20 Dec 2024 01:08:28 GMT
  Age: 53363
  Content-Type: text/plain
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 73 75 63 63 65 73 73 0a
  Data Ascii: success
Dec 20, 2024 16:57:56.365458965 CET  305 bytes  OUT  GET /success.txt?ipv4 HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Connection: keep-alive
  Pragma: no-cache
  Cache-Control: no-cache
Dec 20, 2024 16:57:56.682032108 CET  216 bytes  IN  HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 8
  Via: 1.1 google
  Date: Fri, 20 Dec 2024 01:08:28 GMT
  Age: 53368
  Content-Type: text/plain
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 73 75 63 63 65 73 73 0a
  Data Ascii: success
Dec 20, 2024 16:58:06.481098890 CET  305 bytes  OUT  GET /success.txt?ipv4 HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:06.797393084 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Fri, 20 Dec 2024 01:08:28 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 53378
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:16.815396070 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:26.945307016 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:37.075973988 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:38.259023905 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:38.580199957 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Fri, 20 Dec 2024 01:08:28 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 53410
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:48.586260080 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:58:58.716142893 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:59:08.843061924 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:59:18.972383976 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:59:29.103610992 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:59:59.932564020 CET305OUTGET /success.txt?ipv4 HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 17:00:00.246424913 CET216INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 8
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Fri, 20 Dec 2024 01:08:28 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 53492
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/plain
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 73 75 63 63 65 73 73 0a
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: success


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.11 | 49773 | 34.107.221.82 | 80 | 3764 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 16:57:15.032691002 CET | 303 | OUT | GET /canonical.html HTTP/1.1
    Host: detectportal.firefox.com
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
    Accept: */*
    Accept-Language: en-US,en;q=0.5
    Accept-Encoding: gzip, deflate
    Cache-Control: no-cache
    Pragma: no-cache
    Connection: keep-alive
Dec 20, 2024 16:57:16.163435936 CET | 298 | IN | HTTP/1.1 200 OK
    Server: nginx
    Content-Length: 90
    Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Fri, 20 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 20871
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.569936991 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:20.886969090 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Fri, 20 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 20875
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:23.440700054 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:23.755848885 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Fri, 20 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 20878
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:24.088614941 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:24.403081894 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Fri, 20 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 20879
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.11 | 49828 | 34.107.221.82 | 80 | 3764 | C:\Program Files\Mozilla Firefox\firefox.exe
Timestamp | Bytes transferred | Direction | Data
Dec 20, 2024 16:57:34.862036943 CET | 303 | OUT | GET /canonical.html HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: keep-alive
Dec 20, 2024 16:57:36.003635883 CET | 298 | IN | HTTP/1.1 200 OK
Server: nginx
Content-Length: 90
Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Fri, 20 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 20890
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.188632011 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:36.577584028 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Fri, 20 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 20891
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.658979893 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:37.974355936 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Fri, 20 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 20892
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:47.980319977 CET6OUTData Raw: 00
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii:
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:50.963696003 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
                                                                                                                                                                                                                                                                                                                                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
                                                                                                                                                                                                                                                                                                                                                                      Accept: */*
                                                                                                                                                                                                                                                                                                                                                                      Accept-Language: en-US,en;q=0.5
                                                                                                                                                                                                                                                                                                                                                                      Accept-Encoding: gzip, deflate
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Pragma: no-cache
                                                                                                                                                                                                                                                                                                                                                                      Connection: keep-alive
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:51.278594017 CET298INHTTP/1.1 200 OK
                                                                                                                                                                                                                                                                                                                                                                      Server: nginx
                                                                                                                                                                                                                                                                                                                                                                      Content-Length: 90
                                                                                                                                                                                                                                                                                                                                                                      Via: 1.1 google
                                                                                                                                                                                                                                                                                                                                                                      Date: Fri, 20 Dec 2024 10:09:25 GMT
                                                                                                                                                                                                                                                                                                                                                                      Age: 20906
                                                                                                                                                                                                                                                                                                                                                                      Content-Type: text/html
                                                                                                                                                                                                                                                                                                                                                                      Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
                                                                                                                                                                                                                                                                                                                                                                      Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
                                                                                                                                                                                                                                                                                                                                                                      Dec 20, 2024 16:57:56.046907902 CET303OUTGET /canonical.html HTTP/1.1
                                                                                                                                                                                                                                                                                                                                                                      Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Cache-Control: no-cache
  Pragma: no-cache
  Connection: keep-alive
Dec 20, 2024 16:57:56.361845016 CET  298  IN  HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 90
  Via: 1.1 google
  Date: Fri, 20 Dec 2024 10:09:25 GMT
  Age: 20911
  Content-Type: text/html
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 20, 2024 16:58:06.159651041 CET  303  OUT  GET /canonical.html HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Cache-Control: no-cache
  Pragma: no-cache
  Connection: keep-alive
Dec 20, 2024 16:58:06.476488113 CET  298  IN  HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 90
  Via: 1.1 google
  Date: Fri, 20 Dec 2024 10:09:25 GMT
  Age: 20921
  Content-Type: text/html
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 20, 2024 16:58:16.492214918 CET  6  OUT  Data Raw: 00
  Data Ascii:
Dec 20, 2024 16:58:26.622160912 CET  6  OUT  Data Raw: 00
  Data Ascii:
Dec 20, 2024 16:58:36.752945900 CET  6  OUT  Data Raw: 00
  Data Ascii:
Dec 20, 2024 16:58:37.914794922 CET  303  OUT  GET /canonical.html HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Cache-Control: no-cache
  Pragma: no-cache
  Connection: keep-alive
Dec 20, 2024 16:58:38.255429029 CET  298  IN  HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 90
  Via: 1.1 google
  Date: Fri, 20 Dec 2024 10:09:25 GMT
  Age: 20953
  Content-Type: text/html
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
  Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>
Dec 20, 2024 16:58:48.269732952 CET  6  OUT  Data Raw: 00
  Data Ascii:
Dec 20, 2024 16:58:58.399597883 CET  6  OUT  Data Raw: 00
  Data Ascii:
Dec 20, 2024 16:59:08.526519060 CET  6  OUT  Data Raw: 00
  Data Ascii:
Dec 20, 2024 16:59:18.655880928 CET  6  OUT  Data Raw: 00
  Data Ascii:
Dec 20, 2024 16:59:28.787039042 CET  6  OUT  Data Raw: 00
  Data Ascii:
Dec 20, 2024 16:59:38.916887045 CET  6  OUT  Data Raw: 00
  Data Ascii:
Dec 20, 2024 16:59:59.576417923 CET  303  OUT  GET /canonical.html HTTP/1.1
  Host: detectportal.firefox.com
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:109.0) Gecko/20100101 Firefox/118.0
  Accept: */*
  Accept-Language: en-US,en;q=0.5
  Accept-Encoding: gzip, deflate
  Cache-Control: no-cache
  Pragma: no-cache
  Connection: keep-alive
Dec 20, 2024 16:59:59.927750111 CET  298  IN  HTTP/1.1 200 OK
  Server: nginx
  Content-Length: 90
  Via: 1.1 google
  Date: Fri, 20 Dec 2024 10:09:25 GMT
  Age: 21034
  Content-Type: text/html
  Cache-Control: public,must-revalidate,max-age=0,s-maxage=3600
  Data Raw: 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 72 65 66 72 65 73 68 22 20 63 6f 6e 74 65 6e 74 3d 22 30 3b 75 72 6c 3d 68 74 74 70 73 3a 2f 2f 73 75 70 70 6f 72 74 2e 6d 6f 7a 69 6c 6c 61 2e 6f 72 67 2f 6b 62 2f 63 61 70 74 69 76 65 2d 70 6f 72 74 61 6c 22 2f 3e
                                                                                                                                                                                                                                                                                                                                                                      Data Ascii: <meta http-equiv="refresh" content="0;url=https://support.mozilla.org/kb/captive-portal"/>

Target ID:0
Start time:10:56:57
Start date:20/12/2024
Path:C:\Users\user\Desktop\gTU8ed4669.exe
Wow64 process (32bit):true
Commandline:"C:\Users\user\Desktop\gTU8ed4669.exe"
Imagebase:0x870000
File size:970'240 bytes
MD5 hash:2177E5DD54A3815B8535B4E6902C1777
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:low
Has exited:true

Target ID:2
Start time:10:56:58
Start date:20/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM firefox.exe /T
Imagebase:0x9d0000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:3
Start time:10:56:58
Start date:20/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff68cce0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:4
Start time:10:57:00
Start date:20/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM chrome.exe /T
Imagebase:0x9d0000
File size:74'240 bytes
MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:5
Start time:10:57:00
Start date:20/12/2024
Path:C:\Windows\System32\conhost.exe
Wow64 process (32bit):false
Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase:0x7ff68cce0000
File size:862'208 bytes
MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges:true
Has administrator privileges:true
Programmed in:C, C++ or other language
Reputation:high
Has exited:true

Target ID:6
Start time:10:57:00
Start date:20/12/2024
Path:C:\Windows\SysWOW64\taskkill.exe
Wow64 process (32bit):true
Commandline:taskkill /F /IM msedge.exe /T
Imagebase:0x9d0000
File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                                                                                      Target ID:7
                                                                                                                                                                                                                                                                                                                                                                      Start time:10:57:00
                                                                                                                                                                                                                                                                                                                                                                      Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff68cce0000
                                                                                                                                                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                                                                                      Target ID:8
                                                                                                                                                                                                                                                                                                                                                                      Start time:10:57:01
                                                                                                                                                                                                                                                                                                                                                                      Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                      Commandline:taskkill /F /IM opera.exe /T
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x9d0000
                                                                                                                                                                                                                                                                                                                                                                      File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                                                                                      Target ID:9
                                                                                                                                                                                                                                                                                                                                                                      Start time:10:57:01
                                                                                                                                                                                                                                                                                                                                                                      Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff68cce0000
                                                                                                                                                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                                                                                      Target ID:10
                                                                                                                                                                                                                                                                                                                                                                      Start time:10:57:01
                                                                                                                                                                                                                                                                                                                                                                      Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Windows\SysWOW64\taskkill.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                                                                      Commandline:taskkill /F /IM brave.exe /T
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x9d0000
                                                                                                                                                                                                                                                                                                                                                                      File size:74'240 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:CA313FD7E6C2A778FFD21CFB5C1C56CD
                                                                                                                                                                                                                                                                                                                                                                      Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                                                                      Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                                                                      Reputation:high
                                                                                                                                                                                                                                                                                                                                                                      Has exited:true

                                                                                                                                                                                                                                                                                                                                                                      Target ID:11
                                                                                                                                                                                                                                                                                                                                                                      Start time:10:57:01
                                                                                                                                                                                                                                                                                                                                                                      Start date:20/12/2024
                                                                                                                                                                                                                                                                                                                                                                      Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                                                                                                                                                                      Wow64 process (32bit):false
                                                                                                                                                                                                                                                                                                                                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                                                                                                                                                                      Imagebase:0x7ff68cce0000
                                                                                                                                                                                                                                                                                                                                                                      File size:862'208 bytes
                                                                                                                                                                                                                                                                                                                                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 12
Start time: 10:57:01
Start date: 20/12/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk "https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd" --no-default-browser-check --disable-popup-blocking
Imagebase: 0x7ff6de060000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Has exited: true

Target ID: 13
Start time: 10:57:02
Start date: 20/12/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking --attempting-deelevation
Imagebase: 0x7ff6de060000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: true

Target ID: 14
Start time: 10:57:02
Start date: 20/12/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" --kiosk https://youtube.com/account?=https://accounts.google.com/v3/signin/challenge/pwd --no-default-browser-check --disable-popup-blocking
Imagebase: 0x7ff6de060000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: false

Target ID: 16
Start time: 10:57:03
Start date: 20/12/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2280 -parentBuildID 20230927232528 -prefsHandle 2208 -prefMapHandle 2200 -prefsLen 25393 -prefMapSize 238472 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {adacb488-456f-4bdd-b503-fae0723e806e} 3764 "\\.\pipe\gecko-crash-server-pipe.3764" 194ece70b10 socket
Imagebase: 0x7ff6de060000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: false

Target ID: 18
Start time: 10:57:05
Start date: 20/12/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4380 -parentBuildID 20230927232528 -prefsHandle 4320 -prefMapHandle 4316 -prefsLen 26408 -prefMapSize 238472 -appDir "C:\Program Files\Mozilla Firefox\browser" - {46853b82-603f-431f-9c20-12d6f5692070} 3764 "\\.\pipe\gecko-crash-server-pipe.3764" 194feec8210 rdd
Imagebase: 0x7ff6de060000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: false

Target ID: 19
Start time: 10:57:09
Start date: 20/12/2024
Path: C:\Program Files\Mozilla Firefox\firefox.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5064 -parentBuildID 20230927232528 -sandboxingKind 0 -prefsHandle 5056 -prefMapHandle 5052 -prefsLen 33559 -prefMapSize 238472 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {fdfaa482-0641-42af-836a-eca09acadf2a} 3764 "\\.\pipe\gecko-crash-server-pipe.3764" 194fd69f710 utility
Imagebase: 0x7ff6de060000
File size: 676'768 bytes
MD5 hash: C86B1BE9ED6496FE0E0CBE73F81D8045
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Has exited: false

Execution Graph

Execution Coverage: 2.7%
Dynamic/Decrypted Code Coverage: 0%
Signature Coverage: 4%
Total number of Nodes: 1868
Total number of Limit Nodes: 65
                                                                                                                                                                                                                                                                                                                                                                        execution_graph 96083 871044 96088 8710f3 96083->96088 96085 87104a 96124 8900a3 29 API calls __onexit 96085->96124 96087 871054 96125 871398 96088->96125 96092 87116a 96135 87a961 96092->96135 96095 87a961 22 API calls 96096 87117e 96095->96096 96097 87a961 22 API calls 96096->96097 96098 871188 96097->96098 96099 87a961 22 API calls 96098->96099 96100 8711c6 96099->96100 96101 87a961 22 API calls 96100->96101 96102 871292 96101->96102 96140 87171c 96102->96140 96106 8712c4 96107 87a961 22 API calls 96106->96107 96108 8712ce 96107->96108 96161 881940 96108->96161 96110 8712f9 96171 871aab 96110->96171 96112 871315 96113 871325 GetStdHandle 96112->96113 96114 87137a 96113->96114 96115 8b2485 96113->96115 96118 871387 OleInitialize 96114->96118 96115->96114 96116 8b248e 96115->96116 96178 88fddb 96116->96178 96118->96085 96119 8b2495 96188 8e011d InitializeCriticalSectionAndSpinCount InterlockedExchange GetCurrentProcess GetCurrentProcess DuplicateHandle 96119->96188 96121 8b249e 96189 8e0944 CreateThread 96121->96189 96123 8b24aa CloseHandle 96123->96114 96124->96087 96190 8713f1 96125->96190 96128 8713f1 22 API calls 96129 8713d0 96128->96129 96130 87a961 22 API calls 96129->96130 96131 8713dc 96130->96131 96197 876b57 96131->96197 96133 871129 96134 871bc3 6 API calls 96133->96134 96134->96092 96136 88fe0b 22 API calls 96135->96136 96137 87a976 96136->96137 96138 88fddb 22 API calls 96137->96138 96139 871174 96138->96139 96139->96095 96141 87a961 22 API calls 96140->96141 96142 87172c 96141->96142 96143 87a961 22 API calls 96142->96143 96144 871734 96143->96144 96145 87a961 22 API calls 96144->96145 96146 
87174f 96145->96146 96147 88fddb 22 API calls 96146->96147 96148 87129c 96147->96148 96149 871b4a 96148->96149 96150 871b58 96149->96150 96151 87a961 22 API calls 96150->96151 96152 871b63 96151->96152 96153 87a961 22 API calls 96152->96153 96154 871b6e 96153->96154 96155 87a961 22 API calls 96154->96155 96156 871b79 96155->96156 96157 87a961 22 API calls 96156->96157 96158 871b84 96157->96158 96159 88fddb 22 API calls 96158->96159 96160 871b96 RegisterWindowMessageW 96159->96160 96160->96106 96162 881981 96161->96162 96166 88195d 96161->96166 96242 890242 5 API calls __Init_thread_wait 96162->96242 96164 88198b 96164->96166 96243 8901f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96164->96243 96170 88196e 96166->96170 96244 890242 5 API calls __Init_thread_wait 96166->96244 96167 888727 96167->96170 96245 8901f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96167->96245 96170->96110 96172 8b272d 96171->96172 96173 871abb 96171->96173 96246 8e3209 23 API calls 96172->96246 96175 88fddb 22 API calls 96173->96175 96177 871ac3 96175->96177 96176 8b2738 96177->96112 96181 88fde0 96178->96181 96179 89ea0c ___std_exception_copy 21 API calls 96179->96181 96180 88fdfa 96180->96119 96181->96179 96181->96180 96184 88fdfc 96181->96184 96247 894ead 7 API calls 2 library calls 96181->96247 96183 89066d 96249 8932a4 RaiseException 96183->96249 96184->96183 96248 8932a4 RaiseException 96184->96248 96187 89068a 96187->96119 96188->96121 96189->96123 96250 8e092a 28 API calls 96189->96250 96191 87a961 22 API calls 96190->96191 96192 8713fc 96191->96192 96193 87a961 22 API calls 96192->96193 96194 871404 96193->96194 96195 87a961 22 API calls 96194->96195 96196 8713c6 96195->96196 96196->96128 96198 876b67 _wcslen 96197->96198 96199 8b4ba1 96197->96199 96202 876ba2 96198->96202 96203 876b7d 96198->96203 96220 8793b2 96199->96220 96201 8b4baa 96201->96201 96204 88fddb 22 API calls 96202->96204 96209 876f34 22 API calls 96203->96209 96206 876bae 
96204->96206 96210 88fe0b 96206->96210 96207 876b85 __fread_nolock 96207->96133 96209->96207 96214 88fddb 96210->96214 96212 88fdfa 96212->96207 96214->96212 96216 88fdfc 96214->96216 96224 89ea0c 96214->96224 96231 894ead 7 API calls 2 library calls 96214->96231 96215 89066d 96233 8932a4 RaiseException 96215->96233 96216->96215 96232 8932a4 RaiseException 96216->96232 96219 89068a 96219->96207 96221 8793c0 96220->96221 96223 8793c9 __fread_nolock 96220->96223 96221->96223 96236 87aec9 96221->96236 96223->96201 96229 8a3820 _abort 96224->96229 96225 8a385e 96235 89f2d9 20 API calls _abort 96225->96235 96226 8a3849 RtlAllocateHeap 96228 8a385c 96226->96228 96226->96229 96228->96214 96229->96225 96229->96226 96234 894ead 7 API calls 2 library calls 96229->96234 96231->96214 96232->96215 96233->96219 96234->96229 96235->96228 96237 87aedc 96236->96237 96241 87aed9 __fread_nolock 96236->96241 96238 88fddb 22 API calls 96237->96238 96239 87aee7 96238->96239 96240 88fe0b 22 API calls 96239->96240 96240->96241 96241->96223 96242->96164 96243->96166 96244->96167 96245->96170 96246->96176 96247->96181 96248->96183 96249->96187 96251 902a55 96259 8e1ebc 96251->96259 96254 902a70 96261 8d39c0 22 API calls 96254->96261 96256 902a7c 96262 8d417d 22 API calls __fread_nolock 96256->96262 96258 902a87 96260 8e1ec3 IsWindow 96259->96260 96260->96254 96260->96258 96261->96256 96262->96258 96263 8a8402 96268 8a81be 96263->96268 96267 8a842a 96273 8a81ef try_get_first_available_module 96268->96273 96270 8a83ee 96287 8a27ec 26 API calls _abort 96270->96287 96272 8a8343 96272->96267 96280 8b0984 96272->96280 96276 8a8338 96273->96276 96283 898e0b 40 API calls 2 library calls 96273->96283 96275 8a838c 96275->96276 96284 898e0b 40 API calls 2 library calls 96275->96284 96276->96272 96286 89f2d9 20 API calls _abort 96276->96286 96278 8a83ab 96278->96276 96285 898e0b 40 API calls 2 library calls 96278->96285 96288 8b0081 96280->96288 96282 8b099f 96282->96267 96283->96275 96284->96278 
96285->96276 96286->96270 96287->96272 96291 8b008d __FrameHandler3::FrameUnwindToState 96288->96291 96289 8b009b 96346 89f2d9 20 API calls _abort 96289->96346 96291->96289 96293 8b00d4 96291->96293 96292 8b00a0 96347 8a27ec 26 API calls _abort 96292->96347 96299 8b065b 96293->96299 96298 8b00aa __fread_nolock 96298->96282 96349 8b042f 96299->96349 96302 8b068d 96381 89f2c6 20 API calls _abort 96302->96381 96303 8b06a6 96367 8a5221 96303->96367 96306 8b06ab 96307 8b06cb 96306->96307 96308 8b06b4 96306->96308 96380 8b039a CreateFileW 96307->96380 96383 89f2c6 20 API calls _abort 96308->96383 96312 8b00f8 96348 8b0121 LeaveCriticalSection __wsopen_s 96312->96348 96313 8b06b9 96384 89f2d9 20 API calls _abort 96313->96384 96315 8b0781 GetFileType 96318 8b078c GetLastError 96315->96318 96319 8b07d3 96315->96319 96316 8b0692 96382 89f2d9 20 API calls _abort 96316->96382 96317 8b0756 GetLastError 96386 89f2a3 20 API calls 2 library calls 96317->96386 96387 89f2a3 20 API calls 2 library calls 96318->96387 96389 8a516a 21 API calls 3 library calls 96319->96389 96320 8b0704 96320->96315 96320->96317 96385 8b039a CreateFileW 96320->96385 96323 8b079a CloseHandle 96323->96316 96325 8b07c3 96323->96325 96388 89f2d9 20 API calls _abort 96325->96388 96327 8b0749 96327->96315 96327->96317 96329 8b07f4 96331 8b0840 96329->96331 96390 8b05ab 72 API calls 4 library calls 96329->96390 96330 8b07c8 96330->96316 96336 8b086d 96331->96336 96391 8b014d 72 API calls 4 library calls 96331->96391 96334 8b0866 96335 8b087e 96334->96335 96334->96336 96335->96312 96338 8b08fc CloseHandle 96335->96338 96392 8a86ae 96336->96392 96407 8b039a CreateFileW 96338->96407 96340 8b0927 96341 8b095d 96340->96341 96342 8b0931 GetLastError 96340->96342 96341->96312 96408 89f2a3 20 API calls 2 library calls 96342->96408 96344 8b093d 96409 8a5333 21 API calls 3 library calls 96344->96409 96346->96292 96347->96298 96348->96298 96350 8b0450 96349->96350 96351 8b046a 96349->96351 96350->96351 96417 89f2d9 20 API 
calls _abort 96350->96417 96410 8b03bf 96351->96410 96354 8b045f 96418 8a27ec 26 API calls _abort 96354->96418 96356 8b04a2 96357 8b04d1 96356->96357 96419 89f2d9 20 API calls _abort 96356->96419 96364 8b0524 96357->96364 96421 89d70d 26 API calls 2 library calls 96357->96421 96360 8b051f 96362 8b059e 96360->96362 96360->96364 96361 8b04c6 96420 8a27ec 26 API calls _abort 96361->96420 96422 8a27fc 11 API calls _abort 96362->96422 96364->96302 96364->96303 96366 8b05aa 96368 8a522d __FrameHandler3::FrameUnwindToState 96367->96368 96425 8a2f5e EnterCriticalSection 96368->96425 96371 8a5259 96429 8a5000 96371->96429 96372 8a5234 96372->96371 96376 8a52c7 EnterCriticalSection 96372->96376 96379 8a527b 96372->96379 96373 8a52a4 __fread_nolock 96373->96306 96378 8a52d4 LeaveCriticalSection 96376->96378 96376->96379 96378->96372 96426 8a532a 96379->96426 96380->96320 96381->96316 96382->96312 96383->96313 96384->96316 96385->96327 96386->96316 96387->96323 96388->96330 96389->96329 96390->96331 96391->96334 96455 8a53c4 96392->96455 96394 8a86c4 96468 8a5333 21 API calls 3 library calls 96394->96468 96395 8a86be 96395->96394 96396 8a86f6 96395->96396 96399 8a53c4 __wsopen_s 26 API calls 96395->96399 96396->96394 96400 8a53c4 __wsopen_s 26 API calls 96396->96400 96398 8a871c 96401 8a873e 96398->96401 96469 89f2a3 20 API calls 2 library calls 96398->96469 96402 8a86ed 96399->96402 96403 8a8702 CloseHandle 96400->96403 96401->96312 96405 8a53c4 __wsopen_s 26 API calls 96402->96405 96403->96394 96406 8a870e GetLastError 96403->96406 96405->96396 96406->96394 96407->96340 96408->96344 96409->96341 96413 8b03d7 96410->96413 96411 8b03f2 96411->96356 96413->96411 96423 89f2d9 20 API calls _abort 96413->96423 96414 8b0416 96424 8a27ec 26 API calls _abort 96414->96424 96416 8b0421 96416->96356 96417->96354 96418->96351 96419->96361 96420->96357 96421->96360 96422->96366 96423->96414 96424->96416 96425->96372 96437 8a2fa6 LeaveCriticalSection 96426->96437 96428 8a5331 96428->96373 
96438 8a4c7d 96429->96438 96431 8a501f 96446 8a29c8 96431->96446 96432 8a5012 96432->96431 96445 8a3405 11 API calls 2 library calls 96432->96445 96435 8a5071 96435->96379 96436 8a5147 EnterCriticalSection 96435->96436 96436->96379 96437->96428 96442 8a4c8a _abort 96438->96442 96439 8a4cca 96453 89f2d9 20 API calls _abort 96439->96453 96440 8a4cb5 RtlAllocateHeap 96441 8a4cc8 96440->96441 96440->96442 96441->96432 96442->96439 96442->96440 96452 894ead 7 API calls 2 library calls 96442->96452 96445->96432 96447 8a29d3 RtlFreeHeap 96446->96447 96448 8a29fc _free 96446->96448 96447->96448 96449 8a29e8 96447->96449 96448->96435 96454 89f2d9 20 API calls _abort 96449->96454 96451 8a29ee GetLastError 96451->96448 96452->96442 96453->96441 96454->96451 96456 8a53d1 96455->96456 96457 8a53e6 96455->96457 96470 89f2c6 20 API calls _abort 96456->96470 96462 8a540b 96457->96462 96472 89f2c6 20 API calls _abort 96457->96472 96459 8a53d6 96471 89f2d9 20 API calls _abort 96459->96471 96462->96395 96463 8a5416 96473 89f2d9 20 API calls _abort 96463->96473 96464 8a53de 96464->96395 96466 8a541e 96474 8a27ec 26 API calls _abort 96466->96474 96468->96398 96469->96401 96470->96459 96471->96464 96472->96463 96473->96466 96474->96464 96475 8b2402 96478 871410 96475->96478 96479 8b24b8 DestroyWindow 96478->96479 96480 87144f mciSendStringW 96478->96480 96492 8b24c4 96479->96492 96481 8716c6 96480->96481 96482 87146b 96480->96482 96481->96482 96484 8716d5 UnregisterHotKey 96481->96484 96483 871479 96482->96483 96482->96492 96511 87182e 96483->96511 96484->96481 96486 8b24d8 96486->96492 96517 876246 CloseHandle 96486->96517 96487 8b24e2 FindClose 96487->96492 96489 8b2509 96493 8b252d 96489->96493 96494 8b251c FreeLibrary 96489->96494 96491 87148e 96491->96493 96501 87149c 96491->96501 96492->96486 96492->96487 96492->96489 96495 8b2541 VirtualFree 96493->96495 96502 871509 96493->96502 96494->96489 96495->96493 96496 8714f8 CoUninitialize 96496->96502 96497 8b2589 96504 8b2598 ISource 
96497->96504 96518 8e32eb 6 API calls ISource 96497->96518 96498 871514 96499 871524 96498->96499 96515 871944 VirtualFreeEx CloseHandle 96499->96515 96501->96496 96502->96497 96502->96498 96507 8b2627 96504->96507 96519 8d64d4 22 API calls ISource 96504->96519 96506 87153a 96506->96504 96508 87161f 96506->96508 96507->96507 96508->96507 96516 871876 CloseHandle InternetCloseHandle InternetCloseHandle WaitForSingleObject 96508->96516 96510 8716c1 96512 87183b 96511->96512 96513 871480 96512->96513 96520 8d702a 22 API calls 96512->96520 96513->96489 96513->96491 96515->96506 96516->96510 96517->96486 96518->96497 96519->96504 96520->96512 96521 8c2a00 96536 87d7b0 ISource 96521->96536 96522 87db11 PeekMessageW 96522->96536 96523 87d807 GetInputState 96523->96522 96523->96536 96525 8c1cbe TranslateAcceleratorW 96525->96536 96526 87da04 timeGetTime 96526->96536 96527 87db73 TranslateMessage DispatchMessageW 96528 87db8f PeekMessageW 96527->96528 96528->96536 96529 87dbaf Sleep 96529->96536 96530 8c2b74 Sleep 96543 8c2a51 96530->96543 96533 8c1dda timeGetTime 96709 88e300 23 API calls 96533->96709 96536->96522 96536->96523 96536->96525 96536->96526 96536->96527 96536->96528 96536->96529 96536->96530 96536->96533 96541 87d9d5 96536->96541 96536->96543 96553 87dd50 96536->96553 96560 87dfd0 96536->96560 96588 87bf40 96536->96588 96646 88edf6 96536->96646 96651 881310 96536->96651 96708 88e551 timeGetTime 96536->96708 96710 8e3a2a 23 API calls 96536->96710 96711 87ec40 96536->96711 96735 8e359c 82 API calls __wsopen_s 96536->96735 96537 8c2c0b GetExitCodeProcess 96538 8c2c37 CloseHandle 96537->96538 96539 8c2c21 WaitForSingleObject 96537->96539 96538->96543 96539->96536 96539->96538 96540 9029bf GetForegroundWindow 96540->96543 96543->96536 96543->96537 96543->96540 96543->96541 96544 8c2ca9 Sleep 96543->96544 96736 8f5658 23 API calls 96543->96736 96737 8de97b QueryPerformanceCounter QueryPerformanceFrequency Sleep QueryPerformanceCounter Sleep 96543->96737 96738 88e551 
timeGetTime 96543->96738 96739 8dd4dc CreateToolhelp32Snapshot Process32FirstW 96543->96739 96544->96536 96554 87dd83 96553->96554 96555 87dd6f 96553->96555 96781 8e359c 82 API calls __wsopen_s 96554->96781 96749 87d260 96555->96749 96558 87dd7a 96558->96536 96559 8c2f75 96559->96559 96563 87e010 96560->96563 96561 8c2f7a 96562 87ec40 348 API calls 96561->96562 96564 8c2f8c 96562->96564 96563->96561 96565 87e075 96563->96565 96582 87e0dc ISource 96564->96582 96794 8e359c 82 API calls __wsopen_s 96564->96794 96565->96582 96795 890242 5 API calls __Init_thread_wait 96565->96795 96569 8c2fca 96571 87a961 22 API calls 96569->96571 96569->96582 96570 87a961 22 API calls 96570->96582 96572 8c2fe4 96571->96572 96796 8900a3 29 API calls __onexit 96572->96796 96576 8c2fee 96797 8901f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96576->96797 96581 87ec40 348 API calls 96581->96582 96582->96570 96582->96581 96583 87e3e1 96582->96583 96584 8804f0 22 API calls 96582->96584 96586 8e359c 82 API calls 96582->96586 96791 87a8c7 22 API calls __fread_nolock 96582->96791 96792 87a81b 41 API calls 96582->96792 96793 88a308 348 API calls 96582->96793 96798 890242 5 API calls __Init_thread_wait 96582->96798 96799 8900a3 29 API calls __onexit 96582->96799 96800 8901f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96582->96800 96801 8f47d4 348 API calls 96582->96801 96802 8f68c1 348 API calls 96582->96802 96583->96536 96584->96582 96586->96582 96803 87adf0 96588->96803 96590 87bf9d 96591 8c04b6 96590->96591 96592 87bfa9 96590->96592 96831 8e359c 82 API calls __wsopen_s 96591->96831 96593 8c04c6 96592->96593 96594 87c01e 96592->96594 96832 8e359c 82 API calls __wsopen_s 96593->96832 96808 87ac91 96594->96808 96598 8c04f5 96600 8c055a 96598->96600 96833 88d217 348 API calls 96598->96833 96599 8d7120 22 API calls 96642 87c039 ISource __fread_nolock 96599->96642 96631 87c603 96600->96631 96834 8e359c 82 API calls __wsopen_s 96600->96834 96602 87c7da 96605 
88fe0b 22 API calls 96602->96605 96609 87c808 __fread_nolock 96605->96609 96613 88fe0b 22 API calls 96609->96613 96610 87ec40 348 API calls 96610->96642 96611 87af8a 22 API calls 96611->96642 96612 8c091a 96843 8e3209 23 API calls 96612->96843 96643 87c350 ISource __fread_nolock 96613->96643 96616 8c08a5 96617 87ec40 348 API calls 96616->96617 96619 8c08cf 96617->96619 96619->96631 96841 87a81b 41 API calls 96619->96841 96620 8c0591 96835 8e359c 82 API calls __wsopen_s 96620->96835 96621 8c08f6 96842 8e359c 82 API calls __wsopen_s 96621->96842 96625 87bbe0 40 API calls 96625->96642 96627 87c237 96629 87c253 96627->96629 96844 87a8c7 22 API calls __fread_nolock 96627->96844 96628 87aceb 23 API calls 96628->96642 96633 8c0976 96629->96633 96636 87c297 ISource 96629->96636 96631->96536 96632 88fddb 22 API calls 96632->96642 96635 87aceb 23 API calls 96633->96635 96638 8c09bf 96635->96638 96636->96638 96819 87aceb 96636->96819 96638->96631 96845 8e359c 82 API calls __wsopen_s 96638->96845 96639 87c335 96639->96638 96640 87c342 96639->96640 96829 87a704 22 API calls ISource 96640->96829 96642->96598 96642->96599 96642->96600 96642->96602 96642->96609 96642->96610 96642->96611 96642->96612 96642->96616 96642->96620 96642->96621 96642->96625 96642->96627 96642->96628 96642->96631 96642->96632 96642->96638 96644 88fe0b 22 API calls 96642->96644 96812 87ad81 96642->96812 96836 8d7099 22 API calls __fread_nolock 96642->96836 96837 8f5745 54 API calls _wcslen 96642->96837 96838 88aa42 22 API calls ISource 96642->96838 96839 8df05c 40 API calls 96642->96839 96840 87a993 41 API calls 96642->96840 96645 87c3ac 96643->96645 96830 88ce17 22 API calls ISource 96643->96830 96644->96642 96645->96536 96647 88ee09 96646->96647 96648 88ee12 96646->96648 96647->96536 96648->96647 96649 88ee36 IsDialogMessageW 96648->96649 96650 8cefaf GetClassLongW 96648->96650 96649->96647 96649->96648 96650->96648 96650->96649 96652 8817b0 96651->96652 96653 881376 96651->96653 96886 890242 5 API calls 
__Init_thread_wait 96652->96886 96654 881390 96653->96654 96655 8c6331 96653->96655 96657 881940 9 API calls 96654->96657 96658 8c633d 96655->96658 96896 8f709c 348 API calls 96655->96896 96662 8813a0 96657->96662 96658->96536 96660 8817ba 96661 8817fb 96660->96661 96887 879cb3 96660->96887 96666 8c6346 96661->96666 96668 88182c 96661->96668 96664 881940 9 API calls 96662->96664 96665 8813b6 96664->96665 96665->96661 96667 8813ec 96665->96667 96897 8e359c 82 API calls __wsopen_s 96666->96897 96667->96666 96691 881408 __fread_nolock 96667->96691 96670 87aceb 23 API calls 96668->96670 96672 881839 96670->96672 96671 8817d4 96893 8901f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent 96671->96893 96894 88d217 348 API calls 96672->96894 96675 8c636e 96898 8e359c 82 API calls __wsopen_s 96675->96898 96676 88152f 96678 88153c 96676->96678 96679 8c63d1 96676->96679 96681 881940 9 API calls 96678->96681 96900 8f5745 54 API calls _wcslen 96679->96900 96682 881549 96681->96682 96686 8c64fa 96682->96686 96688 881940 9 API calls 96682->96688 96683 88fddb 22 API calls 96683->96691 96684 881872 96895 88faeb 23 API calls 96684->96895 96685 88fe0b 22 API calls 96685->96691 96696 8c6369 96686->96696 96902 8e359c 82 API calls __wsopen_s 96686->96902 96692 881563 96688->96692 96690 87ec40 348 API calls 96690->96691 96691->96672 96691->96675 96691->96676 96691->96683 96691->96685 96691->96690 96693 8c63b2 96691->96693 96691->96696 96692->96686 96698 8815c7 ISource 96692->96698 96901 87a8c7 22 API calls __fread_nolock 96692->96901 96899 8e359c 82 API calls __wsopen_s 96693->96899 96696->96536 96697 881940 9 API calls 96697->96698 96698->96684 96698->96686 96698->96696 96698->96697 96700 88167b ISource 96698->96700 96857 8fabf7 96698->96857 96862 8fab67 96698->96862 96865 8fa2ea 96698->96865 96870 88f645 96698->96870 96877 8e5c5a 96698->96877 96882 901591 96698->96882 96699 88171d 96699->96536 96700->96699 96885 88ce17 22 API calls ISource 96700->96885 96708->96536 
96709->96536 96710->96536 96712 87ec76 ISource 96711->96712 96713 87fef7 96712->96713 96716 88fddb 22 API calls 96712->96716 96717 8c4600 96712->96717 96718 8c4b0b 96712->96718 96722 87a8c7 22 API calls 96712->96722 96725 890242 EnterCriticalSection LeaveCriticalSection LeaveCriticalSection WaitForSingleObjectEx EnterCriticalSection 96712->96725 96726 87fbe3 96712->96726 96727 87ed9d ISource 96712->96727 96728 87a961 22 API calls 96712->96728 96730 8900a3 29 API calls pre_c_initialization 96712->96730 96732 8c4beb 96712->96732 96733 8901f8 EnterCriticalSection LeaveCriticalSection SetEvent ResetEvent __Init_thread_footer 96712->96733 96734 87f3ae ISource 96712->96734 97074 8801e0 96712->97074 97135 8806a0 41 API calls ISource 96712->97135 96713->96727 97137 87a8c7 22 API calls __fread_nolock 96713->97137 96716->96712 96717->96727 97136 87a8c7 22 API calls __fread_nolock 96717->97136 97139 8e359c 82 API calls __wsopen_s 96718->97139 96722->96712 96725->96712 96726->96727 96729 8c4bdc 96726->96729 96726->96734 96727->96536 96728->96712 97140 8e359c 82 API calls __wsopen_s 96729->97140 96730->96712 97141 8e359c 82 API calls __wsopen_s 96732->97141 96733->96712 96734->96727 97138 8e359c 82 API calls __wsopen_s 96734->97138 96735->96536 96736->96543 96737->96543 96738->96543 97189 8ddef7 96739->97189 96741 8dd529 Process32NextW 96742 8dd5db CloseHandle 96741->96742 96747 8dd522 96741->96747 96742->96543 96743 87a961 22 API calls 96743->96747 96744 879cb3 22 API calls 96744->96747 96747->96741 96747->96742 96747->96743 96747->96744 97195 87525f 22 API calls 96747->97195 97196 876350 22 API calls 96747->97196 97197 88ce60 41 API calls 96747->97197 96750 87ec40 348 API calls 96749->96750 96770 87d29d 96750->96770 96751 8c1bc4 96790 8e359c 82 API calls __wsopen_s 96751->96790 96753 87d3c3 96755 87d6d5 96753->96755 96757 87d3ce 96753->96757 96754 87d30b ISource 96754->96558 96755->96754 96765 88fe0b 22 API calls 96755->96765 96756 87d5ff 96758 87d614 96756->96758 96759 
8c1bb5 96756->96759 96761 88fddb 22 API calls 96757->96761 96762 88fddb 22 API calls 96758->96762 96789 8f5705 23 API calls 96759->96789 96760 87d4b8 96767 88fe0b 22 API calls 96760->96767 96769 87d3d5 __fread_nolock 96761->96769 96768 87d46a 96762->96768 96764 88fddb 22 API calls 96764->96770 96765->96769 96766 87d429 ISource __fread_nolock 96766->96756 96766->96768 96774 8c1ba4 96766->96774 96777 8c1b7f 96766->96777 96779 8c1b5d 96766->96779 96783 871f6f 96766->96783 96767->96766 96768->96558 96771 88fddb 22 API calls 96769->96771 96772 87d3f6 96769->96772 96770->96751 96770->96753 96770->96754 96770->96755 96770->96760 96770->96764 96770->96766 96771->96772 96772->96766 96782 87bec0 348 API calls 96772->96782 96788 8e359c 82 API calls __wsopen_s 96774->96788 96787 8e359c 82 API calls __wsopen_s 96777->96787 96786 8e359c 82 API calls __wsopen_s 96779->96786 96781->96559 96782->96766 96784 87ec40 348 API calls 96783->96784 96785 871f98 96784->96785 96785->96766 96786->96768 96787->96768 96788->96768 96789->96751 96790->96754 96791->96582 96792->96582 96793->96582 96794->96582 96795->96569 96796->96576 96797->96582 96798->96582 96799->96582 96800->96582 96801->96582 96802->96582 96804 87ae01 96803->96804 96807 87ae1c ISource 96803->96807 96805 87aec9 22 API calls 96804->96805 96806 87ae09 CharUpperBuffW 96805->96806 96806->96807 96807->96590 96809 87acae 96808->96809 96810 87acd1 96809->96810 96846 8e359c 82 API calls __wsopen_s 96809->96846 96810->96642 96813 8bfadb 96812->96813 96814 87ad92 96812->96814 96815 88fddb 22 API calls 96814->96815 96816 87ad99 96815->96816 96847 87adcd 96816->96847 96820 87ad2a ISource 96819->96820 96821 87acf9 96819->96821 96820->96639 96822 87ad55 96821->96822 96824 87ad01 ISource 96821->96824 96822->96820 96855 87a8c7 22 API calls __fread_nolock 96822->96855 96824->96820 96825 8bfa48 96824->96825 96826 87ad21 96824->96826 96825->96820 96856 88ce17 22 API calls ISource 96825->96856 96826->96820 96827 8bfa3a VariantClear 96826->96827 
96827->96820 96829->96643 96830->96643 96831->96593 96832->96631 96833->96600 96834->96631 96835->96631 96836->96642 96837->96642 96838->96642 96839->96642 96840->96642 96841->96621 96842->96631 96843->96627 96844->96629 96845->96631 96846->96810 96851 87addd 96847->96851 96848 87adb6 96848->96642 96849 88fddb 22 API calls 96849->96851 96850 87a961 22 API calls 96850->96851 96851->96848 96851->96849 96851->96850 96853 87adcd 22 API calls 96851->96853 96854 87a8c7 22 API calls __fread_nolock 96851->96854 96853->96851 96854->96851 96855->96820 96856->96820 96903 8faff9 96857->96903 96859 8fac54 96859->96698 96860 8fac0c 96860->96859 96861 87aceb 23 API calls 96860->96861 96861->96859 96863 8faff9 217 API calls 96862->96863 96864 8fab79 96863->96864 96864->96698 96866 877510 53 API calls 96865->96866 96867 8fa306 96866->96867 96868 8dd4dc 47 API calls 96867->96868 96869 8fa315 96868->96869 96869->96698 96871 87b567 39 API calls 96870->96871 96872 88f659 96871->96872 96873 8cf2dc Sleep 96872->96873 96874 88f661 timeGetTime 96872->96874 96875 87b567 39 API calls 96874->96875 96876 88f677 96875->96876 96876->96698 96878 877510 53 API calls 96877->96878 96879 8e5c6d 96878->96879 97058 8ddbbe lstrlenW 96879->97058 96881 8e5c77 96881->96698 97063 902ad8 96882->97063 96884 90159f 96884->96698 96885->96700 96886->96660 96888 879cc2 _wcslen 96887->96888 96889 88fe0b 22 API calls 96888->96889 96890 879cea __fread_nolock 96889->96890 96891 88fddb 22 API calls 96890->96891 96892 879d00 96891->96892 96892->96671 96893->96661 96894->96684 96895->96684 96896->96658 96897->96696 96898->96696 96899->96696 96900->96692 96901->96698 96902->96696 96904 8fb01d ___scrt_fastfail 96903->96904 96905 8fb058 96904->96905 96906 8fb094 96904->96906 97024 87b567 96905->97024 96910 87b567 39 API calls 96906->96910 96911 8fb08b 96906->96911 96908 8fb063 96908->96911 96914 87b567 39 API calls 96908->96914 96909 8fb0ed 96994 877510 96909->96994 96913 8fb0a5 96910->96913 96911->96909 96915 87b567 39 
API calls 96911->96915 96917 87b567 39 API calls 96913->96917 96918 8fb078 96914->96918 96915->96909 96917->96911 96921 87b567 39 API calls 96918->96921 96920 8fb115 96922 8fb11f 96920->96922 96923 8fb1d8 96920->96923 96921->96911 96924 877510 53 API calls 96922->96924 96925 8fb20a GetCurrentDirectoryW 96923->96925 96928 877510 53 API calls 96923->96928 96926 8fb130 96924->96926 96927 88fe0b 22 API calls 96925->96927 96929 877620 22 API calls 96926->96929 96930 8fb22f GetCurrentDirectoryW 96927->96930 96931 8fb1ef 96928->96931 96932 8fb13a 96929->96932 96935 8fb23c 96930->96935 96933 877620 22 API calls 96931->96933 96934 877510 53 API calls 96932->96934 96936 8fb1f9 _wcslen 96933->96936 96937 8fb14b 96934->96937 96938 8fb275 96935->96938 97029 879c6e 22 API calls 96935->97029 96936->96925 96936->96938 96939 877620 22 API calls 96937->96939 96943 8fb28b 96938->96943 96944 8fb287 96938->96944 96941 8fb155 96939->96941 96945 877510 53 API calls 96941->96945 96942 8fb255 97030 879c6e 22 API calls 96942->97030 97032 8e07c0 10 API calls 96943->97032 96951 8fb39a CreateProcessW 96944->96951 96952 8fb2f8 96944->96952 96948 8fb166 96945->96948 96953 877620 22 API calls 96948->96953 96949 8fb265 97031 879c6e 22 API calls 96949->97031 96950 8fb294 97033 8e06e6 10 API calls 96950->97033 96993 8fb32f _wcslen 96951->96993 97035 8d11c8 39 API calls 96952->97035 96957 8fb170 96953->96957 96960 8fb1a6 GetSystemDirectoryW 96957->96960 96965 877510 53 API calls 96957->96965 96958 8fb2aa 97034 8e05a7 8 API calls 96958->97034 96959 8fb2fd 96963 8fb32a 96959->96963 96964 8fb323 96959->96964 96962 88fe0b 22 API calls 96960->96962 96969 8fb1cb GetSystemDirectoryW 96962->96969 97037 8d14ce 6 API calls 96963->97037 97036 8d1201 128 API calls 2 library calls 96964->97036 96966 8fb187 96965->96966 96971 877620 22 API calls 96966->96971 96968 8fb2d0 96968->96944 96969->96935 96973 8fb191 _wcslen 96971->96973 96972 8fb328 96972->96993 96973->96935 96973->96960 96974 8fb42f CloseHandle 96976 
8fb43f 96974->96976 96984 8fb49a 96974->96984 96975 8fb3d6 GetLastError 96983 8fb41a 96975->96983 96977 8fb446 CloseHandle 96976->96977 96978 8fb451 96976->96978 96977->96978 96981 8fb458 CloseHandle 96978->96981 96982 8fb463 96978->96982 96980 8fb4a6 96980->96983 96981->96982 96985 8fb46a CloseHandle 96982->96985 96986 8fb475 96982->96986 97021 8e0175 96983->97021 96984->96980 96989 8fb4d2 CloseHandle 96984->96989 96985->96986 97038 8e09d9 34 API calls 96986->97038 96989->96983 96991 8fb486 97039 8fb536 25 API calls 96991->97039 96993->96974 96993->96975 96995 877525 96994->96995 97010 877522 96994->97010 96996 87752d 96995->96996 96997 87755b 96995->96997 97040 8951c6 26 API calls 96996->97040 96998 8b50f6 96997->96998 97001 87756d 96997->97001 97008 8b500f 96997->97008 97043 895183 26 API calls 96998->97043 97041 88fb21 51 API calls 97001->97041 97002 87753d 97006 88fddb 22 API calls 97002->97006 97003 8b510e 97003->97003 97007 877547 97006->97007 97009 879cb3 22 API calls 97007->97009 97011 88fe0b 22 API calls 97008->97011 97016 8b5088 97008->97016 97009->97010 97017 877620 97010->97017 97012 8b5058 97011->97012 97013 88fddb 22 API calls 97012->97013 97014 8b507f 97013->97014 97015 879cb3 22 API calls 97014->97015 97015->97016 97042 88fb21 51 API calls 97016->97042 97018 87762a _wcslen 97017->97018 97019 88fe0b 22 API calls 97018->97019 97020 87763f 97019->97020 97020->96920 97044 8e030f 97021->97044 97025 87b578 97024->97025 97026 87b57f 97024->97026 97025->97026 97057 8962d1 39 API calls _strftime 97025->97057 97026->96908 97028 87b5c2 97028->96908 97029->96942 97030->96949 97031->96938 97032->96950 97033->96958 97034->96968 97035->96959 97036->96972 97037->96993 97038->96991 97039->96984 97040->97002 97041->97002 97042->96998 97043->97003 97045 8e0329 97044->97045 97046 8e0321 CloseHandle 97044->97046 97047 8e032e CloseHandle 97045->97047 97048 8e0336 97045->97048 97046->97045 97047->97048 97049 8e033b CloseHandle 97048->97049 97050 8e0343 97048->97050 
98363->98365 98401 894d29 GetModuleHandleW 98364->98401 98386 8a2f5e EnterCriticalSection 98365->98386 98368 894be7 98368->98365 98402 894d6d GetModuleHandleExW 98368->98402 98369 894c99 98390 894cd9 98369->98390 98372 894c70 98375 894c88 98372->98375 98381 8a2421 _abort 5 API calls 98372->98381 98382 8a2421 _abort 5 API calls 98375->98382 98376 894ce2 98410 8b1d29 5 API calls __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 98376->98410 98377 894cb6 98393 894ce8 98377->98393 98381->98375 98382->98369 98383 894bfb 98383->98369 98383->98372 98387 8a21a8 98383->98387 98386->98383 98411 8a1ee1 98387->98411 98430 8a2fa6 LeaveCriticalSection 98390->98430 98392 894cb2 98392->98376 98392->98377 98431 8a360c 98393->98431 98396 894d16 98399 894d6d _abort 8 API calls 98396->98399 98397 894cf6 GetPEB 98397->98396 98398 894d06 GetCurrentProcess TerminateProcess 98397->98398 98398->98396 98400 894d1e ExitProcess 98399->98400 98401->98368 98403 894dba 98402->98403 98404 894d97 GetProcAddress 98402->98404 98406 894dc9 98403->98406 98407 894dc0 FreeLibrary 98403->98407 98405 894dac 98404->98405 98405->98403 98408 890a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 98406->98408 98407->98406 98409 894bf3 98408->98409 98409->98365 98414 8a1e90 98411->98414 98413 8a1f05 98413->98372 98415 8a1e9c __FrameHandler3::FrameUnwindToState 98414->98415 98422 8a2f5e EnterCriticalSection 98415->98422 98417 8a1eaa 98423 8a1f31 98417->98423 98421 8a1ec8 __fread_nolock 98421->98413 98422->98417 98424 8a1f51 98423->98424 98427 8a1f59 98423->98427 98425 890a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 98424->98425 98426 8a1eb7 98425->98426 98429 8a1ed5 LeaveCriticalSection _abort 98426->98429 98427->98424 98428 8a29c8 _free 20 API calls 98427->98428 98428->98424 
98429->98421 98430->98392 98432 8a3631 98431->98432 98433 8a3627 98431->98433 98438 8a2fd7 5 API calls 2 library calls 98432->98438 98435 890a8c __ehhandler$?_ScheduleContinuationTask@_Task_impl_base@details@Concurrency@@QAEXPAU_ContinuationTaskHandleBase@23@@Z 5 API calls 98433->98435 98436 894cf2 98435->98436 98436->98396 98436->98397 98437 8a3648 98437->98433 98438->98437 98439 871033 98444 874c91 98439->98444 98443 871042 98445 87a961 22 API calls 98444->98445 98446 874cff 98445->98446 98452 873af0 98446->98452 98449 874d9c 98450 871038 98449->98450 98455 8751f7 22 API calls __fread_nolock 98449->98455 98451 8900a3 29 API calls __onexit 98450->98451 98451->98443 98453 873b1c 3 API calls 98452->98453 98454 873b0f 98453->98454 98454->98449 98455->98449 98456 87fe73 98463 88ceb1 98456->98463 98458 87fe89 98472 88cf92 98458->98472 98460 87feb3 98484 8e359c 82 API calls __wsopen_s 98460->98484 98462 8c4ab8 98464 88cebf 98463->98464 98465 88ced2 98463->98465 98466 87aceb 23 API calls 98464->98466 98467 88cf05 98465->98467 98468 88ced7 98465->98468 98471 88cec9 98466->98471 98470 87aceb 23 API calls 98467->98470 98469 88fddb 22 API calls 98468->98469 98469->98471 98470->98471 98471->98458 98473 876270 22 API calls 98472->98473 98474 88cfc9 98473->98474 98475 879cb3 22 API calls 98474->98475 98477 88cffa 98474->98477 98476 8cd166 98475->98476 98485 876350 22 API calls 98476->98485 98477->98460 98479 8cd171 98486 88d2f0 40 API calls 98479->98486 98481 8cd184 98482 87aceb 23 API calls 98481->98482 98483 8cd188 98481->98483 98482->98483 98483->98483 98484->98462 98485->98479 98486->98481 98487 8cd27a GetUserNameW 98488 8cd292 98487->98488 98489 8c3f75 98490 88ceb1 23 API calls 98489->98490 98491 8c3f8b 98490->98491 98499 8c4006 98491->98499 98500 88e300 23 API calls 98491->98500 98493 87bf40 348 API calls 98494 8c4052 98493->98494 98497 8c4a88 98494->98497 98502 8e359c 82 API calls __wsopen_s 98494->98502 98496 8c3fe6 98496->98494 98501 8e1abf 22 API calls 98496->98501 
98499->98493 98500->98496 98501->98499 98502->98497 98503 87defc 98506 871d6f 98503->98506 98505 87df07 98507 871d8c 98506->98507 98508 871f6f 348 API calls 98507->98508 98509 871da6 98508->98509 98510 8b2759 98509->98510 98512 871e36 98509->98512 98513 871dc2 98509->98513 98516 8e359c 82 API calls __wsopen_s 98510->98516 98512->98505 98513->98512 98515 87289a 23 API calls 98513->98515 98515->98512 98516->98512

Control-flow Graph

control_flow_graph (function 008742DE; basic blocks that call APIs, from the rendered graph): 8742de-87434d call 87a961, GetVersionExW, call 876b57 | 87441b-874435 GetCurrentProcess, IsWow64Process | 87444f-87445e LoadLibraryA | 874460-87446e GetProcAddress | 874470-874474 GetNativeSystemInfo | 87447a-87447b FreeLibrary | 87449c-8744a6 GetSystemInfo | 8b3824-8b3828 GetSystemInfo. The graph's executed/not-executed colouring and the edge list between the other blocks are not recoverable from the text.
APIs
• GetVersionExW.KERNEL32(?), ref: 0087430D
  • Part of subcall function 00876B57: _wcslen.LIBCMT ref: 00876B6A
• GetCurrentProcess.KERNEL32(?,0090CB64,00000000,?,?), ref: 00874422
• IsWow64Process.KERNEL32(00000000,?,?), ref: 00874429
• LoadLibraryA.KERNEL32(kernel32.dll,?,?), ref: 00874454
• GetProcAddress.KERNEL32(00000000,GetNativeSystemInfo), ref: 00874466
• GetNativeSystemInfo.KERNEL32(?,?,?), ref: 00874474
• FreeLibrary.KERNEL32(00000000,?,?), ref: 0087447B
• GetSystemInfo.KERNEL32(?,?,?), ref: 008744A0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: InfoLibraryProcessSystem$AddressCurrentFreeLoadNativeProcVersionWow64_wcslen
• String ID: GetNativeSystemInfo$kernel32.dll$|O
• API String ID: 3290436268-3101561225
• Opcode ID: 72f2f9eb2a31be519057d3d2c531bb27d39d3492057121451912f915461db3ab
• Instruction ID: 97498a7a1bfdebb1de76cfa6793bcf67de69e872355c36e1547a5b23a787ab85
• Opcode Fuzzy Hash: 72f2f9eb2a31be519057d3d2c531bb27d39d3492057121451912f915461db3ab
• Instruction Fuzzy Hash: B7A1C46A93E2C4DFC711CF697C409E57FA4BB27744B0495A9E045D3B26E32085C8FB25

Control-flow Graph

control_flow_graph (function 008742A2; basic blocks that call APIs, from the rendered graph): 8742a2-8742ba CreateStreamOnHGlobal | 8742bc-8742d3 FindResourceExW | 8b35ba-8b35c9 LoadResource | 8b35cf-8b35dd SizeofResource | 8b35e3-8b35ee LockResource | 8b35f4-8b3612 (post-lock processing). Each API block has one edge to the next API block and one to the common exit 8742d9 -> 8742da-8742dd; 8b35f4-8b3612 also returns to 8742d9. Executed/not-executed colouring is not recoverable from the text.
APIs
• CreateStreamOnHGlobal.COMBASE(00000000,00000001,?,?,?,?,?,008750AA,?,?,00000000,00000000), ref: 008742B2
• FindResourceExW.KERNEL32(?,0000000A,SCRIPT,00000000,?,?,008750AA,?,?,00000000,00000000), ref: 008742C9
• LoadResource.KERNEL32(?,00000000,?,?,008750AA,?,?,00000000,00000000,?,?,?,?,?,?,00874F20), ref: 008B35BE
• SizeofResource.KERNEL32(?,00000000,?,?,008750AA,?,?,00000000,00000000,?,?,?,?,?,?,00874F20), ref: 008B35D3
• LockResource.KERNEL32(008750AA,?,?,008750AA,?,?,00000000,00000000,?,?,?,?,?,?,00874F20,?), ref: 008B35E6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Resource$CreateFindGlobalLoadLockSizeofStream
• String ID: SCRIPT
• API String ID: 3051347437-3967369404
• Opcode ID: 7e45ec8ae874fc1247f597907678fff5ac139e7c156fc7ed2705fb1b25990d04
• Instruction ID: 4c6918db9129075fe604bb72038c30bf5fe20d5a85500280641d9aee7aaa56e7
• Opcode Fuzzy Hash: 7e45ec8ae874fc1247f597907678fff5ac139e7c156fc7ed2705fb1b25990d04
• Instruction Fuzzy Hash: 61118EB0214701BFD7218B69DC48F677BBDFBC5B51F208269F416D6690DBB2DC10AA20

                                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00872B6B
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00873A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00941418,?,00872E7F,?,?,?,00000000), ref: 00873A78
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00879CB3: _wcslen.LIBCMT ref: 00879CBD
                                                                                                                                                                                                                                                                                                                                                                        • GetForegroundWindow.USER32(runas,?,?,?,?,?,00932224), ref: 008B2C10
                                                                                                                                                                                                                                                                                                                                                                        • ShellExecuteW.SHELL32(00000000,?,?,00932224), ref: 008B2C17
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CurrentDirectoryExecuteFileForegroundModuleNameShellWindow_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: runas
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 448630720-4000483414
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 08a215609dc1e63025f3041541a3729bb8a2b3bef64184d35c8e3ad6795e515e
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 3382ff90fdbb2c301004301ccfeb7e79f3efef9647160b05e63cb29e12365f37
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 08a215609dc1e63025f3041541a3729bb8a2b3bef64184d35c8e3ad6795e515e
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8C11B431208305AAC714FF68D892DBE7BA4FF95354F44842DF08AD21AADF30C649A713
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32 ref: 008DD501
                                                                                                                                                                                                                                                                                                                                                                        • Process32FirstW.KERNEL32(00000000,?), ref: 008DD50F
                                                                                                                                                                                                                                                                                                                                                                        • Process32NextW.KERNEL32(00000000,?), ref: 008DD52F
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 008DD5DC
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 420147892-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 43e7631deff91dc6f770230cb8a1c9725c690861fb770b827200d1f2cfa2a800
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 2f7ad9b6fa48af6160421bac9fe25ccee29f5139b3abfe41cb516c82c6f5d30a
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 43e7631deff91dc6f770230cb8a1c9725c690861fb770b827200d1f2cfa2a800
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9F315C711083009FD305EF58D881AAABBF8FF99354F14462DF585C62A1EB71E945CB93
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • lstrlenW.KERNEL32(?,008B5222), ref: 008DDBCE
                                                                                                                                                                                                                                                                                                                                                                        • GetFileAttributesW.KERNEL32(?), ref: 008DDBDD
                                                                                                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 008DDBEE
                                                                                                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 008DDBFA
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: FileFind$AttributesCloseFirstlstrlen
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2695905019-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: c8c2212c3d903cdc833b079203d407251b6b44eebe5b264610596fe64c511408
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: be3b7a28c5be018f0e3615081329658aa59eca547d98c2c4efb95a34f2c69bfb
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c8c2212c3d903cdc833b079203d407251b6b44eebe5b264610596fe64c511408
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D1F0A070838A145BC2206B7CAC0E8BA376CEF01334F204703F836C22E1EBB099549695
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: LocalTime
• String ID: %.3d$X64
• API String ID: 481472006-1077770165
APIs
• GetCurrentProcess.KERNEL32(008A28E9,?,00894CBE,008A28E9,009388B8,0000000C,00894E15,008A28E9,00000002,00000000,?,008A28E9), ref: 00894D09
• TerminateProcess.KERNEL32(00000000,?,00894CBE,008A28E9,009388B8,0000000C,00894E15,008A28E9,00000002,00000000,?,008A28E9), ref: 00894D10
• ExitProcess.KERNEL32 ref: 00894D22
Similarity
• API ID: Process$CurrentExitTerminate
• String ID:
• API String ID: 1703294689-0
APIs
• GetUserNameW.ADVAPI32(?,?), ref: 008CD28C
Similarity
• API ID: NameUser
• String ID: X64
• API String ID: 2645101109-893830106
Strings
• Variable is not of type 'Object'., xrefs: 008C0C40
Similarity
• API ID:
• String ID: Variable is not of type 'Object'.
• API String ID: 0-1840281001

Control-flow Graph (rendered graph not recoverable from the page; entry basic block at 008FAFF9, the call sites it reaches are listed under APIs)
APIs
• _wcslen.LIBCMT ref: 008FB198
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 008FB1B0
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 008FB1D4
• _wcslen.LIBCMT ref: 008FB200
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 008FB214
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 008FB236
• _wcslen.LIBCMT ref: 008FB332
  • Part of subcall function 008E05A7: GetStdHandle.KERNEL32(000000F6), ref: 008E05C6
• _wcslen.LIBCMT ref: 008FB34B
• _wcslen.LIBCMT ref: 008FB366
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 008FB3B6
• GetLastError.KERNEL32(00000000), ref: 008FB407
• CloseHandle.KERNEL32(?), ref: 008FB439
• CloseHandle.KERNEL32(00000000), ref: 008FB44A
• CloseHandle.KERNEL32(00000000), ref: 008FB45C
• CloseHandle.KERNEL32(00000000), ref: 008FB46E
• CloseHandle.KERNEL32(?), ref: 008FB4E3
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Handle$Close_wcslen$Directory$CurrentSystem$CreateErrorLastProcess
• String ID:
• API String ID: 2178637699-0
• Opcode ID: 87c7eaf998057a40992828d0173958fde7be910a2008f18b2d8a09322ce759fc
• Instruction ID: bae1c2e16be6cbab7cd7bd9686fbaa66e2f2ff4c4240ce06ef9466d457516556
• Opcode Fuzzy Hash: 87c7eaf998057a40992828d0173958fde7be910a2008f18b2d8a09322ce759fc
• Instruction Fuzzy Hash: 42F18B716082449FCB14EF28C891B2ABBE5FF85714F14855DF999CB2A6DB31EC40CB52
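The APIs listing above is the per-function call trace Joe Sandbox emits: one bullet per call site in the form Name.MODULE(args), ref: address, with calls made from a callee prefixed by "Part of subcall function". When triaging many such functions it helps to turn that text into records rather than read it. The following Python is an added example for this page, not code from the report or from Joe Sandbox; it parses the listing, recovers the direct-call sequence in address order, groups imports by module, and applies a simple handle-release heuristic of my own around CreateProcessW. The sample input is the first function's listing copied from above; the line grammar is inferred from those lines and is an assumption.

```python
"""Parse the per-function 'APIs' listing of a Joe Sandbox disassembly report.

Added example; the line format is inferred from the listing shown on the
page (bullet, Name.MODULE(args), ref: address) and is an assumption.
"""
import re
from collections import defaultdict
from dataclasses import dataclass
from typing import Optional

# Copied from the report above: the function at 008FAFF9 that builds a path
# from the system/current directory and spawns a process with CreateProcessW.
SAMPLE_LISTING = """APIs
• _wcslen.LIBCMT ref: 008FB198
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 008FB1B0
• GetSystemDirectoryW.KERNEL32(00000000,00000000), ref: 008FB1D4
• _wcslen.LIBCMT ref: 008FB200
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 008FB214
• GetCurrentDirectoryW.KERNEL32(00000000,00000000), ref: 008FB236
• _wcslen.LIBCMT ref: 008FB332
  • Part of subcall function 008E05A7: GetStdHandle.KERNEL32(000000F6), ref: 008E05C6
• _wcslen.LIBCMT ref: 008FB34B
• _wcslen.LIBCMT ref: 008FB366
• CreateProcessW.KERNEL32(00000000,?,00000000,00000000,?,?,00000000,?,?,?), ref: 008FB3B6
• GetLastError.KERNEL32(00000000), ref: 008FB407
• CloseHandle.KERNEL32(?), ref: 008FB439
• CloseHandle.KERNEL32(00000000), ref: 008FB44A
• CloseHandle.KERNEL32(00000000), ref: 008FB45C
• CloseHandle.KERNEL32(00000000), ref: 008FB46E
• CloseHandle.KERNEL32(?), ref: 008FB4E3
"""

# One listing line. The argument list is optional ("_wcslen.LIBCMT ref: ..."),
# and a "Part of subcall function XXXXXXXX:" prefix marks an indirect call.
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<parent>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass(frozen=True)
class ApiCall:
    name: str
    module: str
    args: tuple            # int for a resolved value, None where the report printed '?'
    ref: int               # address of the call instruction
    parent: Optional[int]  # address of the subcall function, None for a direct call


def _parse_args(raw: Optional[str]) -> tuple:
    if not raw or not raw.strip():
        return ()
    out = []
    for tok in (t.strip() for t in raw.split(",")):
        if tok == "?":
            out.append(None)                      # value not recovered statically
        elif re.fullmatch(r"[0-9A-F]{8}", tok):
            out.append(int(tok, 16))              # 8-digit hex as the report prints it
        else:
            out.append(tok)                       # resolved string, e.g. TaskbarCreated
    return tuple(out)


def parse_api_listing(text: str) -> list:
    """Return every call-site bullet as an ApiCall; raise on an unrecognised bullet."""
    calls = []
    for line in text.splitlines():
        if "•" not in line:
            continue                              # section header such as "APIs"
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised listing line: {line.strip()!r}")
        parent = m.group("parent")
        calls.append(ApiCall(
            name=m.group("name"),
            module=m.group("module"),
            args=_parse_args(m.group("args")),
            ref=int(m.group("ref"), 16),
            parent=int(parent, 16) if parent else None,
        ))
    return calls


def call_sequence(calls: list) -> list:
    """Names of the function's own (direct) calls in address order."""
    return [c.name for c in sorted(calls, key=lambda c: c.ref) if c.parent is None]


def by_module(calls: list) -> dict:
    """Imports grouped by module, as a quick import profile of the function."""
    groups = defaultdict(set)
    for c in calls:
        groups[c.module].add(c.name)
    return {mod: sorted(names) for mod, names in sorted(groups.items())}


def spawns_and_closes(calls: list) -> bool:
    """Heuristic (mine, not Joe Sandbox's): a direct CreateProcessW followed by at
    least two CloseHandle calls at higher addresses, i.e. the process and thread
    handles from PROCESS_INFORMATION are released in the same function."""
    direct = sorted((c.ref, c.name) for c in calls if c.parent is None)
    spawn = [ref for ref, name in direct if name == "CreateProcessW"]
    if not spawn:
        return False
    closes = sum(1 for ref, name in direct if name == "CloseHandle" and ref > spawn[0])
    return closes >= 2


if __name__ == "__main__":
    parsed = parse_api_listing(SAMPLE_LISTING)
    print(" -> ".join(call_sequence(parsed)))
    print(by_module(parsed))
    print("CreateProcessW with handle cleanup:", spawns_and_closes(parsed))
```

Run stand-alone it prints the sixteen direct calls in the order the function executes them, the KERNEL32/LIBCMT import profile, and the heuristic verdict for this function. The subcall line (GetStdHandle inside 008E05A7) is kept as a record with parent set, so it does not pollute the function's own call order.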
APIs
• GetInputState.USER32 ref: 0087D807
• timeGetTime.WINMM ref: 0087DA07
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0087DB28
• TranslateMessage.USER32(?), ref: 0087DB7B
• DispatchMessageW.USER32(?), ref: 0087DB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0087DB9F
• Sleep.KERNEL32(0000000A), ref: 0087DBB1
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Message$Peek$DispatchInputSleepStateTimeTranslatetime
• String ID:
• API String ID: 2189390790-0
• Opcode ID: 06fa0a59740d92e9a395c806c0c56dde59021d4ffa475696f5a8583d74ded0b8
• Instruction ID: 285f65bffd2eaff46d4e708e3d860d1987e87cc50965626e0908af4d021220b9
• Opcode Fuzzy Hash: 06fa0a59740d92e9a395c806c0c56dde59021d4ffa475696f5a8583d74ded0b8
• Instruction Fuzzy Hash: D4429A706083459FDB29DB28C884F6ABBF0FF86314F14865DE55AC72A1D770E884DB92

Control-flow Graph (rendered graph not recoverable from the page)

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00872D07
• RegisterClassExW.USER32(00000030), ref: 00872D31
• RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00872D42
• InitCommonControlsEx.COMCTL32(?), ref: 00872D5F
• ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00872D6F
• LoadIconW.USER32(000000A9), ref: 00872D85
• ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00872D94
Strings
Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: IconImageList_Register$BrushClassColorCommonControlsCreateInitLoadMessageReplaceWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID: +$0$AutoIt v3 GUI$TaskbarCreated
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2914291525-1005189915
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 9c921c6be5754fd4e98b61acdd268325e818564fd24d9eaebd6dbcdc1a656d46
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: da36a18d3fd6056311643659deb8ddc8b8d537502774ab10a4d6d0dcb9b85620
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9c921c6be5754fd4e98b61acdd268325e818564fd24d9eaebd6dbcdc1a656d46
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D921C4B9965318AFDB00DFA4EC49BDDBBB4FB09704F00821AF511A62A0D7B14584EF91

Control-flow Graph
APIs
  • Part of subcall function 008B039A: CreateFileW.KERNEL32(00000000,00000000,?,008B0704,?,?,00000000,?,008B0704,00000000,0000000C), ref: 008B03B7
• GetLastError.KERNEL32 ref: 008B076F
• __dosmaperr.LIBCMT ref: 008B0776
• GetFileType.KERNEL32(00000000), ref: 008B0782
• GetLastError.KERNEL32 ref: 008B078C
• __dosmaperr.LIBCMT ref: 008B0795
• CloseHandle.KERNEL32(00000000), ref: 008B07B5
• CloseHandle.KERNEL32(?), ref: 008B08FF
• GetLastError.KERNEL32 ref: 008B0931
• __dosmaperr.LIBCMT ref: 008B0938
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: ErrorLast__dosmaperr$CloseFileHandle$CreateType
• String ID: H
• API String ID: 4237864984-2852464175
• Opcode ID: a507db07f80dce0d146946c5e34e92578688064e931d42d665eb3d4f178736f8
• Instruction ID: 58b2b9d614679b234afb7182810eecaa5ccd379f03cdb8e5d2b48c7a7189804e
• Opcode Fuzzy Hash: a507db07f80dce0d146946c5e34e92578688064e931d42d665eb3d4f178736f8
• Instruction Fuzzy Hash: 1AA12632A141088FDF19AF68DC51BEE7BA0FB4A324F140199F815DB392DB319916DF92

Control-flow Graph

APIs
  • Part of subcall function 00873A5A: GetModuleFileNameW.KERNEL32(00000000,?,00007FFF,00941418,?,00872E7F,?,?,?,00000000), ref: 00873A78
  • Part of subcall function 00873357: GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 00873379
• RegOpenKeyExW.KERNEL32(80000001,Software\AutoIt v3\AutoIt,00000000,00000001,?,?,\Include\), ref: 0087356A
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,00000000,?), ref: 008B318D
• RegQueryValueExW.ADVAPI32(?,Include,00000000,00000000,?,?,00000000), ref: 008B31CE
• RegCloseKey.ADVAPI32(?), ref: 008B3210
• _wcslen.LIBCMT ref: 008B3277
• _wcslen.LIBCMT ref: 008B3286
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: NameQueryValue_wcslen$CloseFileFullModuleOpenPath
• String ID: Include$Software\AutoIt v3\AutoIt$\$\Include\
• API String ID: 98802146-2727554177
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: e79786fc29dc02d9ae5f850a96ff6ee9add3b351788a7e89a717c041c78f0aba
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 676e61a8f56d4f09b69bd680f83fa3bbf9fb92476a7ea47037574a0126793a99
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e79786fc29dc02d9ae5f850a96ff6ee9add3b351788a7e89a717c041c78f0aba
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EA715A714183009EC714EF69D882D9ABBF8FF96B40B80452EF559C62A5EB309A48DB52

Control-flow Graph (rendered graphically in the original report; no graph data for this function is present on this page)

APIs
• GetSysColorBrush.USER32(0000000F), ref: 00872B8E
• LoadCursorW.USER32(00000000,00007F00), ref: 00872B9D
• LoadIconW.USER32(00000063), ref: 00872BB3
• LoadIconW.USER32(000000A4), ref: 00872BC5
• LoadIconW.USER32(000000A2), ref: 00872BD7
• LoadImageW.USER32(00000063,00000001,00000010,00000010,00000000), ref: 00872BEF
• RegisterClassExW.USER32(?), ref: 00872C40
  • Part of subcall function 00872CD4: GetSysColorBrush.USER32(0000000F), ref: 00872D07
  • Part of subcall function 00872CD4: RegisterClassExW.USER32(00000030), ref: 00872D31
  • Part of subcall function 00872CD4: RegisterWindowMessageW.USER32(TaskbarCreated), ref: 00872D42
  • Part of subcall function 00872CD4: InitCommonControlsEx.COMCTL32(?), ref: 00872D5F
  • Part of subcall function 00872CD4: ImageList_Create.COMCTL32(00000010,00000010,00000021,00000001,00000001), ref: 00872D6F
  • Part of subcall function 00872CD4: LoadIconW.USER32(000000A9), ref: 00872D85
  • Part of subcall function 00872CD4: ImageList_ReplaceIcon.COMCTL32(000000FF,00000000), ref: 00872D94
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Load$Icon$ImageRegister$BrushClassColorList_$CommonControlsCreateCursorInitMessageReplaceWindow
• String ID: #$0$AutoIt v3
• API String ID: 423443420-4155596026
• Opcode ID: ccf129aeda272b0232e2cf735d9137dba7abb6653c2df662141d269ea27e1f74
• Instruction ID: 418ca51248d2d65c0816058c7c9785c0c344740950db12fc806f839944f2c2ce
• Opcode Fuzzy Hash: ccf129aeda272b0232e2cf735d9137dba7abb6653c2df662141d269ea27e1f74
• Instruction Fuzzy Hash: 82216FB8E68314AFDB109FA5EC45F9D7FB4FB49B50F00411AF500A66A0D3B14580EF90

Control-flow Graph (rendered graphically in the original report, with executed and not-executed blocks colour-coded; the graph data is summarised here): basic blocks 00873170-0087326D plus an out-of-line path at 008B2D9C-008B2E96. Blocks call DefWindowProcW (008731D0), KillTimer (00873201), SetTimer and RegisterWindowMessageW (0087321D), CreatePopupMenu (00873246) and PostQuitMessage (00873265); the out-of-line path calls SetFocus (008B2DC6) and MoveWindow (008B2DD7). Internal calls go to 008718E2, 0088E499, 008DBF30, 008DC161, 008D0AD7, 008730F2, 00873C50, 0087326F and 00873837.

APIs
• DefWindowProcW.USER32(?,?,?,?,?,?,?,?,?,0087316A,?,?), ref: 008731D8
• KillTimer.USER32(?,00000001,?,?,?,?,?,0087316A,?,?), ref: 00873204
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 00873227
• RegisterWindowMessageW.USER32(TaskbarCreated,?,?,?,?,?,0087316A,?,?), ref: 00873232
• CreatePopupMenu.USER32 ref: 00873246
• PostQuitMessage.USER32(00000000), ref: 00873267
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: MessageTimerWindow$CreateKillMenuPopupPostProcQuitRegister
• String ID: TaskbarCreated
• API String ID: 129472671-2362178303
• Opcode ID: 4d88ee54b9345550a00b30f1597e16b748f5c15533012c6f9a647187f928063b
• Instruction ID: 53ca8591b5126f70eebca96c7abf04fca6732b90b56e1d006489295645aa3782
• Opcode Fuzzy Hash: 4d88ee54b9345550a00b30f1597e16b748f5c15533012c6f9a647187f928063b
• Instruction Fuzzy Hash: 79411735278208ABDB255B7C9C09FB93B59F706345F148225F90AC63AAD771CA80B773
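The API ID in each Similarity block is a per-function key built from the names of the Win32 calls the function makes, which is what lets the report match this function against others across samples. The Python below is an added illustration, not part of the report and not Joe Sandbox's own code. It rebuilds such a key under rules inferred from the two Similarity blocks above: strip the A/W and Ex suffixes, split a name at capital letters (underscores stay attached, giving tokens like List_), drop the tokens Get, Set, Def and Sys, rank the remaining tokens by how often they occur, sort ties alphabetically, and join the ranks with '$'. The stopword list and the tokenizer are assumptions that happen to reproduce the two API IDs on this page; the vendor's actual algorithm is not documented here. The API lists in the block are copied from the two APIs sections above, including the "Part of subcall function 00872CD4" entries.

```python
"""Rebuild a Joe Sandbox-style "API ID" from a function's Win32 call list.

Illustrative reconstruction only: the tokenizer and stopword list are
inferred from two report entries, not taken from the vendor's code.
"""
import re
from collections import Counter

# Assumption: these leading words are discarded before ranking. Get/Set/Def
# are absent from the window-procedure ID and Sys (GetSysColorBrush, called
# twice) is absent from the class-registration ID, so all four are dropped.
STOPWORDS = {"Get", "Set", "Def", "Sys"}

# Copied from the APIs section of the window procedure at 00873170.
WNDPROC_APIS = [
    "DefWindowProcW", "KillTimer", "SetTimer",
    "RegisterWindowMessageW", "CreatePopupMenu", "PostQuitMessage",
]

# Copied from the APIs section of the class-registration function at 00872B8E,
# including the calls attributed to subcall function 00872CD4.
REGCLASS_APIS = [
    "GetSysColorBrush", "LoadCursorW", "LoadIconW", "LoadIconW", "LoadIconW",
    "LoadImageW", "RegisterClassExW",
    "GetSysColorBrush", "RegisterClassExW", "RegisterWindowMessageW",
    "InitCommonControlsEx", "ImageList_Create", "LoadIconW",
    "ImageList_ReplaceIcon",
]


def normalize(api: str) -> str:
    """Drop the ANSI/Unicode suffix, then a trailing Ex: RegisterClassExW -> RegisterClass."""
    if api.endswith(("A", "W")):
        api = api[:-1]
    if api.endswith("Ex"):
        api = api[:-2]
    return api


def tokenize(api: str) -> list[str]:
    """Split at capital letters; a run without capitals (e.g. _wcslen) is one token.

    ImageList_ReplaceIcon -> Image, List_, Replace, Icon
    """
    parts = re.findall(r"[A-Z][^A-Z]*|[^A-Z]+", normalize(api))
    return [t for t in parts if t not in STOPWORDS]


def api_id(apis: list[str]) -> str:
    """Rank tokens by call count (descending), concatenate each rank in
    alphabetical order, and join the ranks with '$'."""
    counts = Counter(t for api in apis for t in tokenize(api))
    by_rank: dict[int, list[str]] = {}
    for tok, n in counts.items():
        by_rank.setdefault(n, []).append(tok)
    return "$".join("".join(sorted(by_rank[n])) for n in sorted(by_rank, reverse=True))


def token_jaccard(apis_a: list[str], apis_b: list[str]) -> float:
    """Set overlap of two functions' API vocabularies: one simple similarity
    measure that keys like the API ID are designed to support."""
    a = {t for api in apis_a for t in tokenize(api)}
    b = {t for api in apis_b for t in tokenize(api)}
    return len(a & b) / len(a | b) if a | b else 0.0


if __name__ == "__main__":
    print(api_id(WNDPROC_APIS))
    print(api_id(REGCLASS_APIS))
    print(f"vocabulary overlap: {token_jaccard(WNDPROC_APIS, REGCLASS_APIS):.3f}")
```

Running the block prints the two API IDs exactly as they appear in the Similarity sections above, and a low vocabulary overlap between the two functions even though both touch RegisterWindowMessageW; the fuzzy hashes listed beside the API ID capture the instruction stream, which this token view ignores.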

                                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                                                                                        control_flow_graph 654 871410-871449 655 8b24b8-8b24b9 DestroyWindow 654->655 656 87144f-871465 mciSendStringW 654->656 659 8b24c4-8b24d1 655->659 657 8716c6-8716d3 656->657 658 87146b-871473 656->658 661 8716d5-8716f0 UnregisterHotKey 657->661 662 8716f8-8716ff 657->662 658->659 660 871479-871488 call 87182e 658->660 663 8b24d3-8b24d6 659->663 664 8b2500-8b2507 659->664 675 8b250e-8b251a 660->675 676 87148e-871496 660->676 661->662 666 8716f2-8716f3 call 8710d0 661->666 662->658 667 871705 662->667 668 8b24d8-8b24e0 call 876246 663->668 669 8b24e2-8b24e5 FindClose 663->669 664->659 672 8b2509 664->672 666->662 667->657 674 8b24eb-8b24f8 668->674 669->674 672->675 674->664 678 8b24fa-8b24fb call 8e32b1 674->678 681 8b251c-8b251e FreeLibrary 675->681 682 8b2524-8b252b 675->682 679 8b2532-8b253f 676->679 680 87149c-8714c1 call 87cfa0 676->680 678->664 683 8b2541-8b255e VirtualFree 679->683 684 8b2566-8b256d 679->684 692 8714c3 680->692 693 8714f8-871503 CoUninitialize 680->693 681->682 682->675 687 8b252d 682->687 683->684 688 8b2560-8b2561 call 8e3317 683->688 684->679 689 8b256f 684->689 687->679 688->684 695 8b2574-8b2578 689->695 696 8714c6-8714f6 call 871a05 call 8719ae 692->696 694 871509-87150e 693->694 693->695 697 8b2589-8b2596 call 8e32eb 694->697 698 871514-87151e 694->698 695->694 699 8b257e-8b2584 695->699 696->693 712 8b2598 697->712 701 871707-871714 call 88f80e 698->701 702 871524-8715a5 call 87988f call 871944 call 8717d5 call 88fe14 call 87177c call 87988f call 87cfa0 call 8717fe call 88fe14 698->702 699->694 701->702 715 87171a 701->715 716 8b259d-8b25bf call 88fdcd 702->716 744 8715ab-8715cf 
call 88fe14 702->744 712->716 715->701 722 8b25c1 716->722 725 8b25c6-8b25e8 call 88fdcd 722->725 731 8b25ea 725->731 735 8b25ef-8b2611 call 88fdcd 731->735 741 8b2613 735->741 743 8b2618-8b2625 call 8d64d4 741->743 749 8b2627 743->749 744->725 750 8715d5-8715f9 call 88fe14 744->750 752 8b262c-8b2639 call 88ac64 749->752 750->735 755 8715ff-871619 call 88fe14 750->755 758 8b263b 752->758 755->743 760 87161f-871643 call 8717d5 call 88fe14 755->760 762 8b2640-8b264d call 8e3245 758->762 760->752 769 871649-871651 760->769 768 8b264f 762->768 771 8b2654-8b2661 call 8e32cc 768->771 769->762 770 871657-871675 call 87988f call 87190a 769->770 770->771 780 87167b-871689 770->780 776 8b2663 771->776 779 8b2668-8b2675 call 8e32cc 776->779 785 8b2677 779->785 780->779 782 87168f-8716c5 call 87988f * 3 call 871876 780->782 785->785
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(close all,00000000,00000000,00000000), ref: 00871459
                                                                                                                                                                                                                                                                                                                                                                        • CoUninitialize.COMBASE ref: 008714F8
                                                                                                                                                                                                                                                                                                                                                                        • UnregisterHotKey.USER32(?), ref: 008716DD
                                                                                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(?), ref: 008B24B9
                                                                                                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 008B251E
                                                                                                                                                                                                                                                                                                                                                                        • VirtualFree.KERNEL32(?,00000000,00008000), ref: 008B254B
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Free$DestroyLibrarySendStringUninitializeUnregisterVirtualWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID: close all
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 469580280-3243417748
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 1f8ce8c3ab05b53f2d83c644c52840af8f3b9d461242d9296b6e3b1ec20d3ebe
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: c7670b2cb3ca4ec4b80cf04cc641bfc63ca4d0ae0c908541b678e1cf426d73b3
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1f8ce8c3ab05b53f2d83c644c52840af8f3b9d461242d9296b6e3b1ec20d3ebe
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FDD159716012128FCB29EF18C899A69F7A4FF05710F1482ADE54AEB656DB30ED12CF52

                                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                                                                                        control_flow_graph 793 8dde27-8dde4a WSAStartup 794 8ddee6-8ddef2 call 894983 793->794 795 8dde50-8dde71 gethostname gethostbyname 793->795 801 8ddef3-8ddef6 794->801 795->794 796 8dde73-8dde7a 795->796 798 8dde7c-8dde81 796->798 799 8dde83-8dde85 796->799 798->798 798->799 802 8dde87-8dde94 call 894983 799->802 803 8dde96-8ddedb call 890e20 inet_ntoa call 89d5f0 call 8debd1 call 894983 call 88fe14 799->803 808 8ddede-8ddee4 WSACleanup 802->808 803->808 808->801
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CleanupStartup_strcatgethostbynamegethostnameinet_ntoa
                                                                                                                                                                                                                                                                                                                                                                        • String ID: 0.0.0.0
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 642191829-3771769585
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: d9521de67e2a50253f3ce5907aed97ffa31afe357b88d310ec9114de9f0e1a0a
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 5fcea60b7e49e96f166a7c57150b1b3781f70b7319035fd1ffb87af948814ccc
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d9521de67e2a50253f3ce5907aed97ffa31afe357b88d310ec9114de9f0e1a0a
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 91110A71504214AFCB207B64DC0AEDE776CFF50715F04036AF545DA291EF708A819B61

                                                                                                                                                                                                                                                                                                                                                                        Control-flow Graph

                                                                                                                                                                                                                                                                                                                                                                        • Executed
                                                                                                                                                                                                                                                                                                                                                                        • Not Executed
                                                                                                                                                                                                                                                                                                                                                                        control_flow_graph 827 872c63-872cd3 CreateWindowExW * 2 ShowWindow * 2
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000000,AutoIt v3,AutoIt v3,00CF0000,80000000,80000000,0000012C,00000064,00000000,00000000,00000000,00000001), ref: 00872C91
                                                                                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000000,edit,00000000,50B008C4,00000000,00000000,00000000,00000000,00000000,00000001,00000000), ref: 00872CB2
                                                                                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000,?,?,?,?,?,?,00871CAD,?), ref: 00872CC6
                                                                                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000000,?,?,?,?,?,?,00871CAD,?), ref: 00872CCF
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Window$CreateShow
• String ID: AutoIt v3$edit
• API String ID: 1584632944-3779509399
• Opcode ID: be347a593a27b997748aa1844ddfd38ec4af7510b505a00928bfc4c616361b03
• Instruction ID: fc4a20fa60241a8985c4099bed23a1498bde036a11b7f5ccda371eb209a1fe54
• Opcode Fuzzy Hash: be347a593a27b997748aa1844ddfd38ec4af7510b505a00928bfc4c616361b03
• Instruction Fuzzy Hash: 89F0DAB95642907EEB311B17AC48E772EBDD7C7F50B00005AF900A25A0C6611894EAB0

Control-flow Graph
control_flow_graph 978 873b1c-873b27 979 873b99-873b9b 978->979 980 873b29-873b2e 978->980 981 873b8c-873b8f 979->981 980->979 982 873b30-873b48 RegOpenKeyExW 980->982 982->979 983 873b4a-873b69 RegQueryValueExW 982->983 984 873b80-873b8b RegCloseKey 983->984 985 873b6b-873b76 983->985 984->981 986 873b90-873b97 985->986 987 873b78-873b7a 985->987 988 873b7e 986->988 987->988 988->984
APIs
• RegOpenKeyExW.KERNEL32(80000001,Control Panel\Mouse,00000000,00000001,00000000,?,?,80000001,80000001,?,00873B0F,SwapMouseButtons,00000004,?), ref: 00873B40
• RegQueryValueExW.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,80000001,80000001,?,00873B0F,SwapMouseButtons,00000004,?), ref: 00873B61
• RegCloseKey.KERNEL32(00000000,?,?,?,80000001,80000001,?,00873B0F,SwapMouseButtons,00000004,?), ref: 00873B83
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: CloseOpenQueryValue
• String ID: Control Panel\Mouse
• API String ID: 3677997916-824357125
• Opcode ID: a62e28d76f3b2476283d66fc6ee8e24ec354c76a168d72e62c306badce9dc457
• Instruction ID: bb7fce2a9c2042614a4e6f2f6dcb3bd70c44559fda2a6e2f47a1af5298589cd7
• Opcode Fuzzy Hash: a62e28d76f3b2476283d66fc6ee8e24ec354c76a168d72e62c306badce9dc457
• Instruction Fuzzy Hash: A5112AB5520208FFDB208FA5DC84AEEB7BCFF15754B10855AA809D7114D231DE40A7A1

Control-flow Graph
control_flow_graph 989 8cd3a0-8cd3a9 990 8cd3ab-8cd3b7 989->990 991 8cd376-8cd37b 989->991 993 8cd3c9 990->993 994 8cd3b9-8cd3c7 GetProcAddress 990->994 992 8cd292-8cd2a8 991->992 998 8cd2a9 992->998 995 8cd3ce-8cd3de 993->995 994->993 994->995 995->992 999 8cd3e4-8cd3eb FreeLibrary 995->999 998->998 999->992
APIs
• GetProcAddress.KERNEL32(?,GetSystemWow64DirectoryW), ref: 008CD3BF
• FreeLibrary.KERNEL32 ref: 008CD3E5
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: AddressFreeLibraryProc
• String ID: GetSystemWow64DirectoryW$X64
• API String ID: 3013587201-2590602151
• Opcode ID: 1961aaee31d9906b322a2afa2fa3d76ad20080c52da4b1603702d53388dca6bf
• Instruction ID: 0f6c8be8bfbf9c1e49a4f72c2d940db314efa9adf48d80f1f80f948f9cf7c62b
• Opcode Fuzzy Hash: 1961aaee31d9906b322a2afa2fa3d76ad20080c52da4b1603702d53388dca6bf
• Instruction Fuzzy Hash: 31F020B280AB258AC37133204C28F6A73B0FF10705F64823CE402E1284E730CC408682
Strings
• Variable must be of type 'Object'., xrefs: 008C32B7
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID:
• String ID: Variable must be of type 'Object'.
• API String ID: 0-109567571
• Opcode ID: 0482762e810883eb6375e2347494c567b771b6333f2f8c0f046dc035815af88e
• Instruction ID: c19e74415eb2d997520522f14edff53107c54d113c544370564c6546a2a5180c
• Opcode Fuzzy Hash: 0482762e810883eb6375e2347494c567b771b6333f2f8c0f046dc035815af88e
• Instruction Fuzzy Hash: 8AC27975A00209CFCB24DF58C881AADB7B1FB19314F24C5A9E919EB3A5D371ED42CB91
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 0087FE66
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1385522511-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 55ad500f86fee7d58c9b10889211ea1ac0df86fdd6214e592a6f83eb160ab093
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 1f88bc93a2eac2fd0aa67d58397778dfde9a4e0785e37ebead3238fd444abecc
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 55ad500f86fee7d58c9b10889211ea1ac0df86fdd6214e592a6f83eb160ab093
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AFB25874608340CFCB24CF19C490A2AB7E1FB99314F24896DFA99CB35AD771E885DB52
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • LoadStringW.USER32(00000065,?,0000007F,00000104), ref: 008B33A2
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00876B57: _wcslen.LIBCMT ref: 00876B6A
                                                                                                                                                                                                                                                                                                                                                                        • Shell_NotifyIconW.SHELL32(00000001,?), ref: 00873A04
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: IconLoadNotifyShell_String_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: Line:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2289894680-1585850449
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 662238eada931acb8bcb6804ef168c049f70ab16619cf431f8f8e5fa248f7635
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: abd2f7bb80fa3c24f5afe3df8c71b9f7beb292395d4ad112ab72236459c0596f
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 662238eada931acb8bcb6804ef168c049f70ab16619cf431f8f8e5fa248f7635
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3E31AF71418314AAC725EB24DC45FEBB7E8FB85714F00852AF59DC2195EB70D688D783
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 00890668
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008932A4: RaiseException.KERNEL32(?,?,?,0089068A,?,00941444,?,?,?,?,?,?,0089068A,00871129,00938738,00871129), ref: 00893304
                                                                                                                                                                                                                                                                                                                                                                        • __CxxThrowException@8.LIBVCRUNTIME ref: 00890685
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Exception@8Throw$ExceptionRaise
                                                                                                                                                                                                                                                                                                                                                                        • String ID: Unknown exception
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3476068407-410509341
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f466196a23b96d600564e0b8d49b36e05b0fd03569f1372912ac3e348381712f
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: cc9145b61d05460a5b7d7cddc2b670c8bfba2e230d1e8f7c6f4d7bfe1fdd4e42
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f466196a23b96d600564e0b8d49b36e05b0fd03569f1372912ac3e348381712f
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 31F0442490030D6B8F10B6A8D846D5E776CFE50354B644531BA24D55D2EF71DB55CE82
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00871BC3: MapVirtualKeyW.USER32(0000005B,00000000), ref: 00871BF4
  • Part of subcall function 00871BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00871BFC
  • Part of subcall function 00871BC3: MapVirtualKeyW.USER32(000000A0,00000000), ref: 00871C07
  • Part of subcall function 00871BC3: MapVirtualKeyW.USER32(000000A1,00000000), ref: 00871C12
  • Part of subcall function 00871BC3: MapVirtualKeyW.USER32(00000011,00000000), ref: 00871C1A
  • Part of subcall function 00871BC3: MapVirtualKeyW.USER32(00000012,00000000), ref: 00871C22
  • Part of subcall function 00871B4A: RegisterWindowMessageW.USER32(00000004,?,008712C4), ref: 00871BA2
• GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0087136A
• OleInitialize.OLE32 ref: 00871388
• CloseHandle.KERNEL32(00000000,00000000), ref: 008B24AB
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Virtual$Handle$CloseInitializeMessageRegisterWindow
• String ID:
• API String ID: 1986988660-0
• Opcode ID: c6c5dd6b1e79038464f95d5d687fddee9a2e836c4f2ec6ee5e19ebe604b04de0
• Instruction ID: e61e1a7da3dfdeb67dee1cf706f8a6371876a7f019a79475400496b6115d0942
• Opcode Fuzzy Hash: c6c5dd6b1e79038464f95d5d687fddee9a2e836c4f2ec6ee5e19ebe604b04de0
• Instruction Fuzzy Hash: F3718AB89793048FC798EF7DE845E953AE4FB8A344714822AE51AC7375EB3084C0AF41
APIs
  • Part of subcall function 00873923: Shell_NotifyIconW.SHELL32(00000001,?), ref: 00873A04
• Shell_NotifyIconW.SHELL32(00000001,000003A8), ref: 008DC259
• KillTimer.USER32(?,00000001,?,?), ref: 008DC261
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 008DC270
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: IconNotifyShell_Timer$Kill
• String ID:
• API String ID: 3500052701-0
• Opcode ID: e0c980a3bfb5c36f89dbae523e8d7fa65e8ccf475dd89685ce5c7d14253e8d33
• Instruction ID: a9e79d0ba5d208b6222e70ebb32f17a294fbfd01fc835ded0d219930d8842807
• Opcode Fuzzy Hash: e0c980a3bfb5c36f89dbae523e8d7fa65e8ccf475dd89685ce5c7d14253e8d33
• Instruction Fuzzy Hash: 7F319570904354AFEB329F648895BE7BBECEB06308F04059EE5DAD7241C7745A84DB51
APIs
• CloseHandle.KERNEL32(00000000,00000000,?,?,008A85CC,?,00938CC8,0000000C), ref: 008A8704
• GetLastError.KERNEL32(?,008A85CC,?,00938CC8,0000000C), ref: 008A870E
• __dosmaperr.LIBCMT ref: 008A8739
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: CloseErrorHandleLast__dosmaperr
• String ID:
• API String ID: 2583163307-0
• Opcode ID: d622ac44b38316a4bbf6f541a2c484677e960424ab86aa36ce9da8577e23090b
• Instruction ID: cbe51d1bab27c1148568c7a8e8d805173c90d6916efce1f9733ea36640235170
• Opcode Fuzzy Hash: d622ac44b38316a4bbf6f541a2c484677e960424ab86aa36ce9da8577e23090b
• Instruction Fuzzy Hash: 40016F32614520A6FA2463386849B7E2745FBD3774F380159FA04CB9D2DEB0CCC191A1
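The API lists above are the report's per-function call records, one bullet per resolved import with its hex arguments and the address of the call site. As an added triage helper, not part of Joe Sandbox or of this report, the following Python parses lines in that shape into structured records, tallies the modules touched, and pulls out the millisecond arguments of Sleep and SetTimer, the calls behind the report's execution-timing signature. The sample lines are constructed copies of the listing format, and the regular expression and field names are my own assumptions about that format, not a Joe Sandbox API.

```python
import re
from collections import Counter

# Constructed sample in the shape of the report's "APIs" bullets (not copied
# from any tool output verbatim; values mirror the records above).
SAMPLE = """\
• Part of subcall function 00871BC3: MapVirtualKeyW.USER32(00000010,00000000), ref: 00871BFC
• GetStdHandle.KERNEL32(000000F6,00000000,00000000), ref: 0087136A
• OleInitialize.OLE32 ref: 00871388
• Sleep.KERNEL32(0000000A), ref: 0087DBB1
• SetTimer.USER32(?,00000001,000002EE,00000000), ref: 008DC270
• __dosmaperr.LIBCMT ref: 008A8739
"""

# Assumed grammar of one bullet:
#   [• ][Part of subcall function XXXXXXXX: ]Func.MODULE[(args)][,] ref: XXXXXXXX
LINE_RE = re.compile(
    r"^\s*(?:•\s*)?"
    r"(?:Part of subcall function (?P<caller>[0-9A-F]{8}):\s*)?"
    r"(?P<func>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)

# Argument index that carries a millisecond value for timing-related calls.
TIMING_ARG = {"Sleep": 0, "SetTimer": 2}


def parse_api_line(line):
    """Return a dict for one API bullet, or None if the line is not one."""
    m = LINE_RE.match(line)
    if not m:
        return None
    args = []
    if m.group("args"):
        for a in m.group("args").split(","):
            a = a.strip()
            # "?" means the sandbox could not resolve the argument statically.
            args.append(int(a, 16) if re.fullmatch(r"[0-9A-F]{8}", a) else None)
    return {
        "func": m.group("func"),
        "module": m.group("module").upper(),
        "args": args,
        "ref": int(m.group("ref"), 16),
        "caller": int(m.group("caller"), 16) if m.group("caller") else None,
    }


def parse_report(text):
    """Parse every API bullet in a block of report text; skip other lines."""
    return [rec for rec in map(parse_api_line, text.splitlines()) if rec]


def modules_used(records):
    """Count how many resolved calls land in each module."""
    return Counter(r["module"] for r in records)


def timing_indicators(records):
    """List (func, milliseconds, call-site address) for Sleep/SetTimer calls."""
    out = []
    for r in records:
        idx = TIMING_ARG.get(r["func"])
        if idx is not None and idx < len(r["args"]) and r["args"][idx] is not None:
            out.append((r["func"], r["args"][idx], r["ref"]))
    return out


if __name__ == "__main__":
    recs = parse_report(SAMPLE)
    print(modules_used(recs))
    for func, ms, ref in timing_indicators(recs):
        print(f"{func} {ms} ms at {ref:08X}")
```

Running it over the constructed sample reports a 10 ms Sleep in the message loop and a 750 ms SetTimer interval; over a full report, a long Sleep or a chain of short ones around a GetTickCount call is the pattern worth looking at when the timing signature fires.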
APIs
• TranslateMessage.USER32(?), ref: 0087DB7B
• DispatchMessageW.USER32(?), ref: 0087DB89
• PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 0087DB9F
• Sleep.KERNEL32(0000000A), ref: 0087DBB1
• TranslateAcceleratorW.USER32(?,?,?), ref: 008C1CC9
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Message$Translate$AcceleratorDispatchPeekSleep
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3288985973-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 89f00632ff6165bc72e79ad55e64cbba39983b396f8fb3b3c30026729fa01134
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 40859b6b46dbb8702080f4511cd829add079b9fa21df7be944df86615e13ab82
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 89f00632ff6165bc72e79ad55e64cbba39983b396f8fb3b3c30026729fa01134
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FFF0FE716583449BEB30DB648C89FAA73B8FF45310F508A19F65AD30D0DB70E4889B16
APIs
• __Init_thread_footer.LIBCMT ref: 008817F6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: CALL
• API String ID: 1385522511-4196123274
• Opcode ID: 9e4d074a240cf7fc484b1915bae188314ce0558673c863b813d3a766dfaee4a3
• Instruction ID: 9fe486d2f8b2dc9630bb6ef13dee8c96f9ae745bbb5f978f60e07d4eaf89c85c
• Opcode Fuzzy Hash: 9e4d074a240cf7fc484b1915bae188314ce0558673c863b813d3a766dfaee4a3
• Instruction Fuzzy Hash: 1C226A706082419FCB14EF28C485A2ABBF5FF85314F24896DF596CB362DB31E856CB52
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c9fbd4a338b1a6c1f2cf8a0172e0e4dc2eecf0c76ce47f8022b9953cb42894d5
• Instruction ID: 2134c507bccf9ad85a0a56059644172416e601887fad1bc4bcaf1b615ec33bf1
• Opcode Fuzzy Hash: c9fbd4a338b1a6c1f2cf8a0172e0e4dc2eecf0c76ce47f8022b9953cb42894d5
• Instruction Fuzzy Hash: FD327970A006099FCF24EF58C885FAEB7B1FF05314F148569E915EB2A2D771E984CB52
APIs
• GetOpenFileNameW.COMDLG32(?), ref: 008B2C8C
  • Part of subcall function 00873AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00873A97,?,?,00872E7F,?,?,?,00000000), ref: 00873AC2
  • Part of subcall function 00872DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00872DC4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Name$Path$FileFullLongOpen
• String ID: X
• API String ID: 779396738-3081909835
• Opcode ID: d01b8638c0c844e7570a3cc7845261821207a9d1b63479131a60ca70550456d8
• Instruction ID: e8e09fddd00abfd7dcc41c6c1876deedeed3c380e558154a7787e9cdff0a573c
• Opcode Fuzzy Hash: d01b8638c0c844e7570a3cc7845261821207a9d1b63479131a60ca70550456d8
• Instruction Fuzzy Hash: 99215471A10258AEDB11DF98C845BEE7BF8FF49314F008059E409E7245DBB49A499F62
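The per-function records above are emitted by the Joe Sandbox IDA plugin as flat text, which is awkward to query across hundreds of functions. As an added example (not part of this report and not Joe Sandbox's own tooling), the Python below parses such records into dictionaries so a practitioner can ask which functions reach a given API, directly or through a subcall, and pull the fuzzy hashes for similarity lookups. The two records embedded as SAMPLE are constructed from entries in this section; the dictionary key names and the assumption that every record ends with an "Instruction Fuzzy Hash" line are mine.

```python
import re

# Section headers the report uses between the bullet lines of one function record.
SECTIONS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

# "GetOpenFileNameW.COMDLG32(?), ref: 008B2C8C", optionally prefixed with
# "Part of subcall function 00873AA2: " and optionally without an argument list.
API_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-F]+): )?"
    r"(?P<name>[\w@?]+)\.(?P<mod>[A-Z0-9_]+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)$"
)
FIELD_RE = re.compile(r"^(?P<key>[^:]+):\s*(?P<val>.*)$")

# Constructed sample: two records copied from this report's function listing.
SAMPLE = """\
APIs
• __Init_thread_footer.LIBCMT ref: 008817F6
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Init_thread_footer
• String ID: CALL
• API String ID: 1385522511-4196123274
• Opcode Fuzzy Hash: 9e4d074a240cf7fc484b1915bae188314ce0558673c863b813d3a766dfaee4a3
• Instruction Fuzzy Hash: 1C226A706082419FCB14EF28C485A2ABBF5FF85314F24896DF596CB362DB31E856CB52
APIs
• GetOpenFileNameW.COMDLG32(?), ref: 008B2C8C
  • Part of subcall function 00873AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00873A97,?,?,00872E7F,?,?,?,00000000), ref: 00873AC2
  • Part of subcall function 00872DA5: GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00872DC4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Name$Path$FileFullLongOpen
• String ID: X
• API String ID: 779396738-3081909835
• Opcode Fuzzy Hash: d01b8638c0c844e7570a3cc7845261821207a9d1b63479131a60ca70550456d8
• Instruction Fuzzy Hash: 99215471A10258AEDB11DF98C845BEE7BF8FF49314F008059E409E7245DBB49A499F62
"""


def parse_function_records(text):
    """Split a Joe Sandbox per-function listing into one dict per function.

    Assumption: a record ends at its 'Instruction Fuzzy Hash' line, the last
    field printed for every function (records with no APIs still carry it).
    """
    records, cur, section = [], {"apis": [], "strings": []}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in SECTIONS:
            section = line
            continue
        if not line.startswith("• "):
            continue
        body = line[2:]
        if section == "APIs":
            m = API_RE.match(body)
            if m:
                cur["apis"].append({
                    "name": m["name"], "module": m["mod"], "ref": m["ref"],
                    "args": m["args"].split(",") if m["args"] else [],
                    "via_subcall": m["sub"],  # None when the function calls it directly
                })
            continue
        if section == "Strings":
            cur["strings"].append(body)
            continue
        m = FIELD_RE.match(body)
        if not m:
            continue
        key, val = m["key"], m["val"]
        if key == "Source File":
            # "<dump>.sdmp, Offset: 00870000, based on PE: true": split the tail into fields
            parts = [p.strip() for p in val.split(",")]
            cur["source_file"] = parts[0]
            for p in parts[1:]:
                k, _, v = p.partition(":")
                cur[k.strip().lower().replace(" ", "_")] = v.strip()
        elif key == "Associated":
            cur.setdefault("associated", []).append(val)
        else:
            cur[key.lower().replace(" ", "_")] = val
        if key == "Instruction Fuzzy Hash":
            records.append(cur)
            cur, section = {"apis": [], "strings": []}, None
    return records


def functions_calling(records, api_name):
    """(instruction fuzzy hash, call site, subcall address or None) for each function reaching api_name."""
    return [(r["instruction_fuzzy_hash"], a["ref"], a["via_subcall"])
            for r in records for a in r["apis"] if a["name"] == api_name]


if __name__ == "__main__":
    recs = parse_function_records(SAMPLE)
    for r in recs:
        print(r["api_id"] or "(no APIs)", [a["name"] for a in r["apis"]], r["instruction_fuzzy_hash"][:16])
    print(functions_calling(recs, "GetLongPathNameW"))
```

Keeping the subcall address distinct from the call site matters when triaging: GetLongPathNameW is reached from the GetOpenFileNameW function only through the helper at 00872DA5, so a hit on that API does not by itself identify the caller that matters.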
APIs
• GetComputerNameW.KERNEL32(?,?), ref: 008CD375
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ComputerName
                                                                                                                                                                                                                                                                                                                                                                        • String ID: X64
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3545744682-893830106
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: ce23611118b5d05579c7fb79a03cc779807fef655ef93cf62e19afdd11bd5d5b
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: fdc29367019196f0b52653b8971d8b330a9e34300ca75f32aed2d8622ad41f25
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ce23611118b5d05579c7fb79a03cc779807fef655ef93cf62e19afdd11bd5d5b
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F1D0C9B581521DEECB94EB40DC88EDEB37CFB04309F608265F006E2040D730E5489B10
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • Shell_NotifyIconW.SHELL32(00000000,?), ref: 00873908
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 10eb52d3fb1ec1df3a4bb47a0f28f141baa4092e30fa8faf48e4fcb4c728b03e
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: c8b1baf7f8c3f2394fa8149eb234e4122253b30221a1c61c14d46a01c84e9bb2
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 10eb52d3fb1ec1df3a4bb47a0f28f141baa4092e30fa8faf48e4fcb4c728b03e
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D1318EB05083019FD720DF24D884B97BBE8FB49708F00092EF59AC3250E771AA44EB53
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • timeGetTime.WINMM ref: 0088F661
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 0087D730: GetInputState.USER32 ref: 0087D807
                                                                                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000), ref: 008CF2DE
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: InputSleepStateTimetime
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4149333218-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 30272237a20c77c086e440c5f5b4f747e7a5cc71a7c1b9131bc6d96870821433
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 69b0814676a0e0f456ecf4913d97f4bec7b5f6282b5c5cb29ab03cff1c237951
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 30272237a20c77c086e440c5f5b4f747e7a5cc71a7c1b9131bc6d96870821433
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 22F08C712442059FD354EF69D449B6AB7F9FF46761F004129E85DC72A1DB70A800CB92
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • __Init_thread_footer.LIBCMT ref: 0087BB4E
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Init_thread_footer
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1385522511-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: c00deb72315d867b16bf459a0b4ada53a8d8c354c2d8f20b210062298665b5a9
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 53f6006ef0475ab115b464619109c2dbd17434a0c26ff72931e9eb4b250b6e53
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c00deb72315d867b16bf459a0b4ada53a8d8c354c2d8f20b210062298665b5a9
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 21329834A04209DFCB24CF68C884FAAB7BAFF45394F188059E919EB255D774ED41CB92
APIs
  • Part of subcall function 00874E90: LoadLibraryA.KERNEL32(kernel32.dll,?,?,00874EDD,?,00941418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00874E9C
  • Part of subcall function 00874E90: GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00874EAE
  • Part of subcall function 00874E90: FreeLibrary.KERNEL32(00000000,?,?,00874EDD,?,00941418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00874EC0
• LoadLibraryExW.KERNEL32(?,00000000,00000002,?,00941418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00874EFD
  • Part of subcall function 00874E59: LoadLibraryA.KERNEL32(kernel32.dll,?,?,008B3CDE,?,00941418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00874E62
  • Part of subcall function 00874E59: GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00874E74
  • Part of subcall function 00874E59: FreeLibrary.KERNEL32(00000000,?,?,008B3CDE,?,00941418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00874E87
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Library$Load$AddressFreeProc
• API String ID: 2632591731-0
Similarity
• API ID: __wsopen_s
• API String ID: 3347428461-0
APIs
  • Part of subcall function 008A4C7D: RtlAllocateHeap.NTDLL(00000008,00871129,00000000,?,008A2E29,00000001,00000364,?,?,?,0089F2DE,008A3863,00941444,?,0088FDF5,?), ref: 008A4CBE
• _free.LIBCMT ref: 008A506C
Similarity
• API ID: AllocateHeap_free
• API String ID: 614378929-0
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 48F0D632510E149AEE327A6D8C05B563B98FFB2334F180715F521D66D2DA709401C5A7
APIs
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: _wcslen
• String ID:
• API String ID: 176396367-0
• Opcode ID: b66f2ccc6a42f866386a2c3f527481c72d49d8aa6e16cad6a22e3b4c4ac6860b
• Instruction ID: d805c2179cc3e92081332bcb51ecf6b7e31bc46d3792bb39be092b1a43e9e0fe
• Opcode Fuzzy Hash: b66f2ccc6a42f866386a2c3f527481c72d49d8aa6e16cad6a22e3b4c4ac6860b
• Instruction Fuzzy Hash: 81F0CD735006046FD7256F2CD806E57BB94FF44760F14852AF619CB1D1DB31E5108BA0
APIs
• RtlAllocateHeap.NTDLL(00000008,00871129,00000000,?,008A2E29,00000001,00000364,?,?,?,0089F2DE,008A3863,00941444,?,0088FDF5,?), ref: 008A4CBE
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 3b2e662d78b5cea7c7f099009fcc770eb6b88f8e2c5ed10b981791746cb059ed
• Instruction ID: 3d3cd17652fd7022b704a2184284f457d11ce426af426d81dd920e9875a77205
• Opcode Fuzzy Hash: 3b2e662d78b5cea7c7f099009fcc770eb6b88f8e2c5ed10b981791746cb059ed
• Instruction Fuzzy Hash: E7F0E93160622467FF216F669C05F5A3788FFC37B4B186221B91DE7991CAF0D80196E1
APIs
• RtlAllocateHeap.NTDLL(00000000,?,00941444,?,0088FDF5,?,?,0087A976,00000010,00941440,008713FC,?,008713C6,?,00871129), ref: 008A3852
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: AllocateHeap
• String ID:
• API String ID: 1279760036-0
• Opcode ID: 6b0bb0be63a0e672f7e1935a6f20f2ec1302331376f972663406faebab5b37f0
• Instruction ID: fac248d9e8c510c4528e025b37e5c2a4345c2675e436539844483d7a535785cf
• Opcode Fuzzy Hash: 6b0bb0be63a0e672f7e1935a6f20f2ec1302331376f972663406faebab5b37f0
• Instruction Fuzzy Hash: 62E0E53110522457FA213B6A9C04F9A3648FF437B4F090130BC14D2D91DB58DE0182E1
APIs
• FreeLibrary.KERNEL32(?,?,00941418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00874F6D
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: FreeLibrary
• String ID:
• API String ID: 3664257935-0
• Opcode ID: 153dcb083f06a1acf5493d3e9acf43a255bc62e01edaf15db92898dd72116a7b
• Instruction ID: e01547179f76532d2535efc71b6f0241d145efdc186e4c02b69b123e2a10f9bf
• Opcode Fuzzy Hash: 153dcb083f06a1acf5493d3e9acf43a255bc62e01edaf15db92898dd72116a7b
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2DF015B1109752CFDB349F64D490822BBE4FF15329324DA6EE1EEC2625CB32D844DB10
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • IsWindow.USER32(00000000), ref: 00902A66
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2353593579-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 28013d1973869b40cce85ddd9ecab76a533a88a83334ede7cb0537cb21ffce54
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: d6b154c75624200612b71f7a4baf1b986e18b6c71c878115eb598d16a415bccf
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 28013d1973869b40cce85ddd9ecab76a533a88a83334ede7cb0537cb21ffce54
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 13E0DF32354216AECB20EB34DC888FA735CEB10390B100636BC1BC2280DF34998582A0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • Shell_NotifyIconW.SHELL32(00000002,?), ref: 0087314E
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: IconNotifyShell_
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1144537725-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 28afb7cb864a136db617eb2e4d074c1d90e88dd4c51951d80bddb4334ee5526d
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 04fc74e4aba1e14cf090ee86d772c86b1852bac12a4264deedca878bc63baa00
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 28afb7cb864a136db617eb2e4d074c1d90e88dd4c51951d80bddb4334ee5526d
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 50F082709143149FEB629F24DC45B957BACB701708F0000E5A14896291D7704788DB52
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetLongPathNameW.KERNEL32(?,?,00007FFF), ref: 00872DC4
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00876B57: _wcslen.LIBCMT ref: 00876B6A
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: LongNamePath_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 541455249-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: d43f14b55a52e435aa75e27ead6d094fcc0967043ff82180814a5de72556113d
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: fbafb2d613c4712a8262dbec18b205853bccecb6237b541ac6ac6c7dd2cf22d6
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d43f14b55a52e435aa75e27ead6d094fcc0967043ff82180814a5de72556113d
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 62E086726041245BCB10925C9C05FEA779DEB88790F044171FD09D7249D960ED808551
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00873837: Shell_NotifyIconW.SHELL32(00000000,?), ref: 00873908
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 0087D730: GetInputState.USER32 ref: 0087D807
                                                                                                                                                                                                                                                                                                                                                                        • SetCurrentDirectoryW.KERNEL32(?), ref: 00872B6B
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008730F2: Shell_NotifyIconW.SHELL32(00000002,?), ref: 0087314E
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: IconNotifyShell_$CurrentDirectoryInputState
• String ID:
• API String ID: 3667716007-0
• Opcode ID: 235a7994031e9803ec9e0590798d7f92ffba711285180797ae4de4e750d846c7
• Instruction ID: 4c4a6e7b08c4b55503cc16d8a70419bffaa82da7c6123ce247df7a956177c95d
• Opcode Fuzzy Hash: 235a7994031e9803ec9e0590798d7f92ffba711285180797ae4de4e750d846c7
• Instruction Fuzzy Hash: 63E0862131424806C618BB7D985297DA759FBD6355F40953EF14EC31B7CF34C5855353
APIs
• SHGetFolderPathW.SHELL32(00000000,?,00000000,00000000,?), ref: 008DDF40
  • Part of subcall function 00876B57: _wcslen.LIBCMT ref: 00876B6A
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: FolderPath_wcslen
• String ID:
• API String ID: 2987691875-0
• Opcode ID: 501e8a9db0a1a955575f5a258f01ba71a19042f5ef6a4a330eaa9dd80db80ffa
• Instruction ID: 7f7df337edd27e84815685629876728fc0326065c64c1fbc5dfccc9f9a9900f0
• Opcode Fuzzy Hash: 501e8a9db0a1a955575f5a258f01ba71a19042f5ef6a4a330eaa9dd80db80ffa
• Instruction Fuzzy Hash: C7D05EE2A002282FDF60E7749C0DDF73AACE740220F0006A0786DD3152E920DE4486B0
APIs
• CreateFileW.KERNEL32(00000000,00000000,?,008B0704,?,?,00000000,?,008B0704,00000000,0000000C), ref: 008B03B7
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: CreateFile
• String ID:
• API String ID: 823142352-0
• Opcode ID: 0bf8f405fc93b75bd5eabb35bc61e12c9f6c2e604e3810b649ae6e41e5339ffb
• Instruction ID: 949734608a70a35f7fecd6799ea31bfb6dc15c1497af97d32be2e3593c8dc077
• Opcode Fuzzy Hash: 0bf8f405fc93b75bd5eabb35bc61e12c9f6c2e604e3810b649ae6e41e5339ffb
• Instruction Fuzzy Hash: A4D06C3205410DBFDF028F84DD06EDA3BAAFB48714F014100BE1856020C732E821AB90
APIs
• SystemParametersInfoW.USER32(00002001,00000000,00000002), ref: 00871CBC
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: InfoParametersSystem
• String ID:
• API String ID: 3098949447-0
• Opcode ID: 910132c5220054918f62466b4bbab4c5b4d9456f418b7dd7ec05a6a0112a9401
• Instruction ID: b6393fdfbc0e6da4da7dae8936ea1006afb1ea549b202f3246fb8b3e924397c3
• Opcode Fuzzy Hash: 910132c5220054918f62466b4bbab4c5b4d9456f418b7dd7ec05a6a0112a9401
• Instruction Fuzzy Hash: 88C0923E2AC304AFF3188B80BC4AF1077A4B349F00F448001F609A96E3D3A22860FA50
APIs
  • Part of subcall function 00889BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00889BB2
• DefDlgProcW.USER32(?,0000004E,?,?,?,?,?,?), ref: 0090961A
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 0090965B
• GetWindowLongW.USER32(FFFFFDD9,000000F0), ref: 0090969F
• SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 009096C9
• SendMessageW.USER32 ref: 009096F2
• GetKeyState.USER32(00000011), ref: 0090978B
• GetKeyState.USER32(00000009), ref: 00909798
• SendMessageW.USER32(?,0000130B,00000000,00000000), ref: 009097AE
• GetKeyState.USER32(00000010), ref: 009097B8
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 009097E9
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32 ref: 00909810
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001030,?,00907E95), ref: 00909918
                                                                                                                                                                                                                                                                                                                                                                        • ImageList_SetDragCursorImage.COMCTL32(00000000,00000000,00000000,?,?,?), ref: 0090992E
                                                                                                                                                                                                                                                                                                                                                                        • ImageList_BeginDrag.COMCTL32(00000000,000000F8,000000F0), ref: 00909941
                                                                                                                                                                                                                                                                                                                                                                        • SetCapture.USER32(?), ref: 0090994A
                                                                                                                                                                                                                                                                                                                                                                        • ClientToScreen.USER32(?,?), ref: 009099AF
                                                                                                                                                                                                                                                                                                                                                                        • ImageList_DragEnter.COMCTL32(00000000,?,?), ref: 009099BC
                                                                                                                                                                                                                                                                                                                                                                        • InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 009099D6
                                                                                                                                                                                                                                                                                                                                                                        • ReleaseCapture.USER32 ref: 009099E1
                                                                                                                                                                                                                                                                                                                                                                        • GetCursorPos.USER32(?), ref: 00909A19
                                                                                                                                                                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00909A26
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001012,00000000,?), ref: 00909A80
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32 ref: 00909AAE
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 00909AEB
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32 ref: 00909B1A
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000110B,00000009,00000000), ref: 00909B3B
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000110B,00000009,?), ref: 00909B4A
                                                                                                                                                                                                                                                                                                                                                                        • GetCursorPos.USER32(?), ref: 00909B68
                                                                                                                                                                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00909B75
                                                                                                                                                                                                                                                                                                                                                                        • GetParent.USER32(?), ref: 00909B93
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001012,00000000,?), ref: 00909BFA
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32 ref: 00909C2B
                                                                                                                                                                                                                                                                                                                                                                        • ClientToScreen.USER32(?,?), ref: 00909C84
                                                                                                                                                                                                                                                                                                                                                                        • TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000), ref: 00909CB4
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,?), ref: 00909CDE
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32 ref: 00909D01
                                                                                                                                                                                                                                                                                                                                                                        • ClientToScreen.USER32(?,?), ref: 00909D4E
                                                                                                                                                                                                                                                                                                                                                                        • TrackPopupMenuEx.USER32(?,00000080,?,?,?,00000000), ref: 00909D82
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00889944: GetWindowLongW.USER32(?,000000EB), ref: 00889952
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00909E05
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$ClientScreen$ImageLongWindow$CursorDragList_State$CaptureMenuPopupTrack$BeginEnterInvalidateParentProcRectRelease
                                                                                                                                                                                                                                                                                                                                                                        • String ID: @GUI_DRAGID$F
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3429851547-4164748364
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f923f8957dcf2a8912b708cebb4e44cf4f5701a67756d489b700b58eb828607f
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 26fb53795aa540f9e108e8b8dcc8a019a8b0d9f11d62a9900d9ce0774a0fd0b4
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f923f8957dcf2a8912b708cebb4e44cf4f5701a67756d489b700b58eb828607f
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: EA429F75608201AFD724CF28CC44EAABBE9FF49714F144A19F699872E2D732E850DF52
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000408,00000000,00000000), ref: 009048F3
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000188,00000000,00000000), ref: 00904908
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000018A,00000000,00000000), ref: 00904927
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000148,00000000,00000000), ref: 0090494B
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000147,00000000,00000000), ref: 0090495C
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000149,00000000,00000000), ref: 0090497B
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000130B,00000000,00000000), ref: 009049AE
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000133C,00000000,?), ref: 009049D4
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000110A,00000009,00000000), ref: 00904A0F
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00904A56
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,0000113E,00000000,00000004), ref: 00904A7E
                                                                                                                                                                                                                                                                                                                                                                        • IsMenu.USER32(?), ref: 00904A97
                                                                                                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00904AF2
                                                                                                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 00904B20
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00904B94
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000113E,00000000,00000008), ref: 00904BE3
• SendMessageW.USER32(00000000,00001001,00000000,?), ref: 00904C82
• wsprintfW.USER32 ref: 00904CAE
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00904CC9
• GetWindowTextW.USER32(?,00000000,00000001), ref: 00904CF1
• SendMessageW.USER32(00000000,000000F0,00000000,00000000), ref: 00904D13
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 00904D33
• GetWindowTextW.USER32(?,00000000,00000001), ref: 00904D5A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: MessageSend$MenuWindow$InfoItemText$Longwsprintf
• String ID: %d/%02d/%02d
• API String ID: 4054740463-328681919
• Opcode ID: 7788c54167efadd1ecdec5aea741230fe039a8ea684630401324b644abcdd1fe
• Instruction ID: 19da6b4ed9ffd5998d2788df01c5bb1d61e6ae82f391fd94bb48e75249b55469
• Opcode Fuzzy Hash: 7788c54167efadd1ecdec5aea741230fe039a8ea684630401324b644abcdd1fe
• Instruction Fuzzy Hash: 4A12BEB1600215AFEB259F28CC49FAE7BF8FF85710F104629F615EA2E1DB749941CB50
APIs
• GetForegroundWindow.USER32(00000000,00000000,00000000), ref: 0088F998
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 008CF474
• IsIconic.USER32(00000000), ref: 008CF47D
• ShowWindow.USER32(00000000,00000009), ref: 008CF48A
• SetForegroundWindow.USER32(00000000), ref: 008CF494
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 008CF4AA
• GetCurrentThreadId.KERNEL32 ref: 008CF4B1
• GetWindowThreadProcessId.USER32(00000000,00000000), ref: 008CF4BD
• AttachThreadInput.USER32(?,00000000,00000001), ref: 008CF4CE
• AttachThreadInput.USER32(?,00000000,00000001), ref: 008CF4D6
• AttachThreadInput.USER32(00000000,000000FF,00000001), ref: 008CF4DE
• SetForegroundWindow.USER32(00000000), ref: 008CF4E1
• MapVirtualKeyW.USER32(00000012,00000000), ref: 008CF4F6
• keybd_event.USER32(00000012,00000000), ref: 008CF501
• MapVirtualKeyW.USER32(00000012,00000000), ref: 008CF50B
• keybd_event.USER32(00000012,00000000), ref: 008CF510
• MapVirtualKeyW.USER32(00000012,00000000), ref: 008CF519
• keybd_event.USER32(00000012,00000000), ref: 008CF51E
• MapVirtualKeyW.USER32(00000012,00000000), ref: 008CF528
• keybd_event.USER32(00000012,00000000), ref: 008CF52D
• SetForegroundWindow.USER32(00000000), ref: 008CF530
• AttachThreadInput.USER32(?,000000FF,00000000), ref: 008CF557
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Window$Thread$AttachForegroundInputVirtualkeybd_event$Process$CurrentFindIconicShow
• String ID: Shell_TrayWnd
• API String ID: 4125248594-2988720461
• Opcode ID: 7901e1f3a78bcc3dbd2f68a4e95511102e6d39d31bd66e9d1615a9f027a2f456
• Instruction ID: 1d1d82d476e29ac22d4a1ad11cf4fec2e1a024591b10aeec899b146211e46fec
• Opcode Fuzzy Hash: 7901e1f3a78bcc3dbd2f68a4e95511102e6d39d31bd66e9d1615a9f027a2f456
• Instruction Fuzzy Hash: 36313EB1A54218BEFB216BB55C4AFBF7E7DFB44B50F100169FB01E61D1C6B19900BAA0
APIs
  • Part of subcall function 008D16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 008D170D
  • Part of subcall function 008D16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 008D173A
  • Part of subcall function 008D16C3: GetLastError.KERNEL32 ref: 008D174A
• LogonUserW.ADVAPI32(?,?,?,00000000,00000000,?), ref: 008D1286
• DuplicateTokenEx.ADVAPI32(?,00000000,00000000,00000002,00000001,?), ref: 008D12A8
• CloseHandle.KERNEL32(?), ref: 008D12B9
• OpenWindowStationW.USER32(winsta0,00000000,00060000), ref: 008D12D1
• GetProcessWindowStation.USER32 ref: 008D12EA
• SetProcessWindowStation.USER32(00000000), ref: 008D12F4
• OpenDesktopW.USER32(default,00000000,00000000,00060081), ref: 008D1310
  • Part of subcall function 008D10BF: AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008D11FC), ref: 008D10D4
  • Part of subcall function 008D10BF: CloseHandle.KERNEL32(?,?,008D11FC), ref: 008D10E9
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: StationTokenWindow$AdjustCloseHandleOpenPrivilegesProcess$DesktopDuplicateErrorLastLogonLookupPrivilegeUserValue
                                                                                                                                                                                                                                                                                                                                                                        • String ID: $default$winsta0
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 22674027-1027155976
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 9941df4b67625a3aeb12827dec6b2ccea509d05da7450bb89cb63efeddc49110
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: c7631530581062322a4507d703f58e14c8c80f2c2210fe6139c024c4f563f4db
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9941df4b67625a3aeb12827dec6b2ccea509d05da7450bb89cb63efeddc49110
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D4817AB1900209BFDF219FA8DC49BEE7BBAFF04704F14422AF910E62A0C7718945DB65
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008D10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 008D1114
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008D10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,008D0B9B,?,?,?), ref: 008D1120
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008D10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,008D0B9B,?,?,?), ref: 008D112F
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008D10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,008D0B9B,?,?,?), ref: 008D1136
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008D10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 008D114D
                                                                                                                                                                                                                                                                                                                                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 008D0BCC
                                                                                                                                                                                                                                                                                                                                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 008D0C00
                                                                                                                                                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 008D0C17
                                                                                                                                                                                                                                                                                                                                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 008D0C51
                                                                                                                                                                                                                                                                                                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 008D0C6D
                                                                                                                                                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 008D0C84
                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000008), ref: 008D0C8C
                                                                                                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 008D0C93
                                                                                                                                                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 008D0CB4
                                                                                                                                                                                                                                                                                                                                                                        • CopySid.ADVAPI32(00000000), ref: 008D0CBB
                                                                                                                                                                                                                                                                                                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 008D0CEA
                                                                                                                                                                                                                                                                                                                                                                        • SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 008D0D0C
                                                                                                                                                                                                                                                                                                                                                                        • SetUserObjectSecurity.USER32(?,00000004,?), ref: 008D0D1E
                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 008D0D45
                                                                                                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 008D0D4C
                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 008D0D55
                                                                                                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 008D0D5C
                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,00000000), ref: 008D0D65
                                                                                                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 008D0D6C
                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000000,?), ref: 008D0D78
                                                                                                                                                                                                                                                                                                                                                                        • HeapFree.KERNEL32(00000000), ref: 008D0D7F
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008D1193: GetProcessHeap.KERNEL32(00000008,008D0BB1,?,00000000,?,008D0BB1,?), ref: 008D11A1
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008D1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,008D0BB1,?), ref: 008D11A8
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008D1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,008D0BB1,?), ref: 008D11B7
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4175595110-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: a17baaed0a8d918815f456bb9eb77b7bfdae6c02494ec45e3bcc5181cad4f6f6
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: ed9fb5ecacbd23f9c89bfe53812e0078abb300a772df55452689cce4475cfabf
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a17baaed0a8d918815f456bb9eb77b7bfdae6c02494ec45e3bcc5181cad4f6f6
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6A7168B290420AAFEF109FA4DC48BAEBBB9FF05310F044716E914E7291D771AA45DF60
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • OpenClipboard.USER32(0090CC08), ref: 008EEB29
                                                                                                                                                                                                                                                                                                                                                                        • IsClipboardFormatAvailable.USER32(0000000D), ref: 008EEB37
                                                                                                                                                                                                                                                                                                                                                                        • GetClipboardData.USER32(0000000D), ref: 008EEB43
                                                                                                                                                                                                                                                                                                                                                                        • CloseClipboard.USER32 ref: 008EEB4F
                                                                                                                                                                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 008EEB87
• CloseClipboard.USER32 ref: 008EEB91
• GlobalUnlock.KERNEL32(00000000), ref: 008EEBBC
• IsClipboardFormatAvailable.USER32(00000001), ref: 008EEBC9
• GetClipboardData.USER32(00000001), ref: 008EEBD1
• GlobalLock.KERNEL32(00000000), ref: 008EEBE2
• GlobalUnlock.KERNEL32(00000000), ref: 008EEC22
• IsClipboardFormatAvailable.USER32(0000000F), ref: 008EEC38
• GetClipboardData.USER32(0000000F), ref: 008EEC44
• GlobalLock.KERNEL32(00000000), ref: 008EEC55
• DragQueryFileW.SHELL32(00000000,000000FF,00000000,00000000), ref: 008EEC77
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 008EEC94
• DragQueryFileW.SHELL32(00000000,?,?,00000104), ref: 008EECD2
• GlobalUnlock.KERNEL32(00000000), ref: 008EECF3
• CountClipboardFormats.USER32 ref: 008EED14
• CloseClipboard.USER32 ref: 008EED59
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Clipboard$Global$AvailableCloseDataDragFileFormatLockQueryUnlock$CountFormatsOpen
• String ID:
• API String ID: 420908878-0
• Opcode ID: 9668af553c1245df6c0ec78cde3267c5773933a6483019f2fa819832806849b9
• Instruction ID: dce28d8aab6b19c5951e9653799392967a99d8d715b027aaa02c493c39ca7a48
• Opcode Fuzzy Hash: 9668af553c1245df6c0ec78cde3267c5773933a6483019f2fa819832806849b9
• Instruction Fuzzy Hash: C261FE74208242AFD310EF29D884F2AB7A4FF85714F148619F45AD72A2DB31DD09DB62
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 008E69BE
• FindClose.KERNEL32(00000000), ref: 008E6A12
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 008E6A4E
• FileTimeToLocalFileTime.KERNEL32(?,?), ref: 008E6A75
  • Part of subcall function 00879CB3: _wcslen.LIBCMT ref: 00879CBD
• FileTimeToSystemTime.KERNEL32(?,?), ref: 008E6AB2
• FileTimeToSystemTime.KERNEL32(?,?), ref: 008E6ADF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Time$File$FindLocalSystem$CloseFirst_wcslen
• String ID: %02d$%03d$%4d$%4d%02d%02d%02d%02d%02d$%4d%02d%02d%02d%02d%02d%03d
• API String ID: 3830820486-3289030164
• Opcode ID: cb30abf9102d7dc605445891aa1df67a9bbe2eac928211951d45b0669d754c41
• Instruction ID: 7b78551fa48414624654c0d36d787269cc77baf9d14df2c34e5ea7944d95fd1e
• Opcode Fuzzy Hash: cb30abf9102d7dc605445891aa1df67a9bbe2eac928211951d45b0669d754c41
• Instruction Fuzzy Hash: 13D12D72508340AEC714EBA8C882EABB7E8FF99704F44491DF589D7191EB74DA44CB63
APIs
• FindFirstFileW.KERNEL32(?,?,756E8FB0,?,00000000), ref: 008E9663
• GetFileAttributesW.KERNEL32(?), ref: 008E96A1
• SetFileAttributesW.KERNEL32(?,?), ref: 008E96BB
• FindNextFileW.KERNEL32(00000000,?), ref: 008E96D3
• FindClose.KERNEL32(00000000), ref: 008E96DE
• FindFirstFileW.KERNEL32(*.*,?), ref: 008E96FA
• SetCurrentDirectoryW.KERNEL32(?), ref: 008E974A
• SetCurrentDirectoryW.KERNEL32(00936B7C), ref: 008E9768
• FindNextFileW.KERNEL32(00000000,00000010), ref: 008E9772
• FindClose.KERNEL32(00000000), ref: 008E977F
• FindClose.KERNEL32(00000000), ref: 008E978F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Find$File$Close$AttributesCurrentDirectoryFirstNext
• String ID: *.*
• API String ID: 1409584000-438819550
• Opcode ID: c1e89b2de4b9bd86a1808db916134b78e233da7e3529893f9ae52d3cff29cefd
• Instruction ID: 0e5db32493a9a56cdfcee240fe3dfc5c94d2c0476e66a959a729eb2e6282d82c
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c1e89b2de4b9bd86a1808db916134b78e233da7e3529893f9ae52d3cff29cefd
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B331F3725142597EDF20AFB9DC08ADE77ACFF4A320F144166F895E21A1DB70DD448E10
APIs
• FindFirstFileW.KERNEL32(?,?,756E8FB0,?,00000000), ref: 008E97BE
• FindNextFileW.KERNEL32(00000000,?), ref: 008E9819
• FindClose.KERNEL32(00000000), ref: 008E9824
• FindFirstFileW.KERNEL32(*.*,?), ref: 008E9840
• SetCurrentDirectoryW.KERNEL32(?), ref: 008E9890
• SetCurrentDirectoryW.KERNEL32(00936B7C), ref: 008E98AE
• FindNextFileW.KERNEL32(00000000,00000010), ref: 008E98B8
• FindClose.KERNEL32(00000000), ref: 008E98C5
• FindClose.KERNEL32(00000000), ref: 008E98D5
  • Part of subcall function 008DDAE5: CreateFileW.KERNEL32(?,40000000,00000001,00000000,00000003,02000080,00000000), ref: 008DDB00
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Find$File$Close$CurrentDirectoryFirstNext$Create
• String ID: *.*
• API String ID: 2640511053-438819550
• Opcode ID: 428a3c368ba6bcfca20367f757f893d656e06c495cb699a7ee9d38de91531e82
• Instruction ID: ab4887762aa1e7f1cf113046c5e61b8dacc2999ad82bee41cc15bba49298c912
• Opcode Fuzzy Hash: 428a3c368ba6bcfca20367f757f893d656e06c495cb699a7ee9d38de91531e82
• Instruction Fuzzy Hash: 8731A0715042697EDF20AFA9DC48ADE77ACEF47324F148165E890E21E1DBB0D9458E20
APIs
  • Part of subcall function 00873AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00873A97,?,?,00872E7F,?,?,?,00000000), ref: 00873AC2
  • Part of subcall function 008DE199: GetFileAttributesW.KERNEL32(?,008DCF95), ref: 008DE19A
• FindFirstFileW.KERNEL32(?,?), ref: 008DD122
• DeleteFileW.KERNEL32(?,?,?,?,?,00000000,?,?,?), ref: 008DD1DD
• MoveFileW.KERNEL32(?,?), ref: 008DD1F0
• DeleteFileW.KERNEL32(?,?,?,?), ref: 008DD20D
• FindNextFileW.KERNEL32(00000000,00000010), ref: 008DD237
  • Part of subcall function 008DD29C: CopyFileExW.KERNEL32(?,?,00000000,00000000,00000000,00000008,?,?,008DD21C,?,?), ref: 008DD2B2
• FindClose.KERNEL32(00000000,?,?,?), ref: 008DD253
• FindClose.KERNEL32(00000000), ref: 008DD264
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: File$Find$CloseDelete$AttributesCopyFirstFullMoveNameNextPath
• String ID: \*.*
• API String ID: 1946585618-1173974218
• Opcode ID: 568bea52ef56545ba98f2b224861acfd55d01373e7814c8561da8d1cb064ecd1
• Instruction ID: 241c66699e1140b5214723882d1e608eabd5458b5787f420b56fd75d93185c4f
• Opcode Fuzzy Hash: 568bea52ef56545ba98f2b224861acfd55d01373e7814c8561da8d1cb064ecd1
• Instruction Fuzzy Hash: DA616E3180520D9ECF05EBE8D9929EDB779FF55300F208266E415B7295EB30AF09DB62
APIs
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Clipboard$AllocCloseEmptyGlobalOpen
• String ID:
• API String ID: 1737998785-0
• Opcode ID: b8a7a28a044b7f9b3df94bb4d489382cab4b8164208ce4bee5a173e3d26e70e5
• Instruction ID: 2ccd1d394ab9b03788b42fad841822b00e8b151aaaf3c6fe4338c4a1248435fc
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b8a7a28a044b7f9b3df94bb4d489382cab4b8164208ce4bee5a173e3d26e70e5
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: BB41AD75608652AFE720DF1AD888F19BBE1FF45318F14C199E419CB6A2C776EC41CB90
APIs
  • Part of subcall function 008D16C3: LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 008D170D
  • Part of subcall function 008D16C3: AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 008D173A
  • Part of subcall function 008D16C3: GetLastError.KERNEL32 ref: 008D174A
• ExitWindowsEx.USER32(?,00000000), ref: 008DE932
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: AdjustErrorExitLastLookupPrivilegePrivilegesTokenValueWindows
• String ID: $ $@$SeShutdownPrivilege
• API String ID: 2234035333-3163812486
• Opcode ID: c325418bb1563270a7e1a49553b25ce4ad8d7496e54317fdf677ee9e7d6ac294
• Instruction ID: 6f076e28a4d369959ec927100247deb8c2914b01fecc488a7db09807e2cf7eb6
• Opcode Fuzzy Hash: c325418bb1563270a7e1a49553b25ce4ad8d7496e54317fdf677ee9e7d6ac294
• Instruction Fuzzy Hash: D60126B2621215BFEB1437B89C9ABBF776CFB14744F140B23F802E63D1D5A05C408190
APIs
• socket.WSOCK32(00000002,00000001,00000006,?,00000002,00000000), ref: 008F1276
• WSAGetLastError.WSOCK32 ref: 008F1283
• bind.WSOCK32(00000000,?,00000010), ref: 008F12BA
• WSAGetLastError.WSOCK32 ref: 008F12C5
• closesocket.WSOCK32(00000000), ref: 008F12F4
• listen.WSOCK32(00000000,00000005), ref: 008F1303
• WSAGetLastError.WSOCK32 ref: 008F130D
• closesocket.WSOCK32(00000000), ref: 008F133C
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: ErrorLast$closesocket$bindlistensocket
• String ID:
• API String ID: 540024437-0
• Opcode ID: e5ed1e29b638d0647c0327fa8663fec8972c1c9a96a561aad4753ae3507c045a
• Instruction ID: 45f53755890eb6018352c8bc66b8ed5e2539c91d4335f45c4bbd0ea7989348cf
• Opcode Fuzzy Hash: e5ed1e29b638d0647c0327fa8663fec8972c1c9a96a561aad4753ae3507c045a
• Instruction Fuzzy Hash: BC414D71600154DFDB10DF68C488B29BBE6FF46318F188198E956DF296C771ED81CBA1
APIs
• _free.LIBCMT ref: 008AB9D4
• _free.LIBCMT ref: 008AB9F8
• _free.LIBCMT ref: 008ABB7F
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00913700), ref: 008ABB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,0094121C,000000FF,00000000,0000003F,00000000,?,?), ref: 008ABC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,00941270,000000FF,?,0000003F,00000000,?), ref: 008ABC36
• _free.LIBCMT ref: 008ABD4B
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: _free$ByteCharMultiWide$InformationTimeZone
• String ID:
• API String ID: 314583886-0
• Opcode ID: c475aa981a30b4068de7e4a3b5ecf90bc282bddb48cffb3e0322edb61a0a7cf4
• Instruction ID: d3d67381cc7ccc98c2ada192d643e524350c006ba2f83e5e6d28a75d57472daf
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c475aa981a30b4068de7e4a3b5ecf90bc282bddb48cffb3e0322edb61a0a7cf4
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8FC13771904258AFEB209F689C41BAA7BF8FF43320F1841AAE590D7A53E7309E41D751
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00873AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00873A97,?,?,00872E7F,?,?,?,00000000), ref: 00873AC2
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008DE199: GetFileAttributesW.KERNEL32(?,008DCF95), ref: 008DE19A
                                                                                                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 008DD420
                                                                                                                                                                                                                                                                                                                                                                        • DeleteFileW.KERNEL32(?,?,?,?), ref: 008DD470
                                                                                                                                                                                                                                                                                                                                                                        • FindNextFileW.KERNEL32(00000000,00000010), ref: 008DD481
                                                                                                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 008DD498
                                                                                                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 008DD4A1
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: FileFind$Close$AttributesDeleteFirstFullNameNextPath
                                                                                                                                                                                                                                                                                                                                                                        • String ID: \*.*
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2649000838-1173974218
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 352dee24ad713e16ef5d5977cfee06deae9e9a8288f847c9973564bb2f829314
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 1fd063a3fb5e310d9d4ea32d445a17ca4ea95dcc2d4eda8b8f5c083f2cf7c63c
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 352dee24ad713e16ef5d5977cfee06deae9e9a8288f847c9973564bb2f829314
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 453141710183459FC304EF68D8919AF77A8FE95314F448A1EF4E5D2291EB30EA09D767
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: __floor_pentium4
                                                                                                                                                                                                                                                                                                                                                                        • String ID: 1#IND$1#INF$1#QNAN$1#SNAN
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4168288129-2761157908
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: fc09c8566d1baea575e6d83ad7aec9e15ccd5f7891735fbee9a66d06a9401964
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: dce6ff473c0f91a3c2999a5f2ddf8e548bd4a3bfe7108983b37f5fab58f2f742
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fc09c8566d1baea575e6d83ad7aec9e15ccd5f7891735fbee9a66d06a9401964
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B5C25971E086288FEB25CE68DD407EAB7B5FB4A304F1445EAD50DE7641E778AE818F40
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 008E64DC
                                                                                                                                                                                                                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 008E6639
                                                                                                                                                                                                                                                                                                                                                                        • CoCreateInstance.OLE32(0090FCF8,00000000,00000001,0090FB68,?), ref: 008E6650
                                                                                                                                                                                                                                                                                                                                                                        • CoUninitialize.OLE32 ref: 008E68D4
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CreateInitializeInstanceUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 886957087-24824748
• Opcode ID: 7dd2ae014123b06eef63b9c53e56936419fba7fa5f8998a73dc3ea3e459869a7
• Instruction ID: d294a09d2b6d0b7cd711adedbb70c20d2ba95221d5f014f48cd5414f7060e843
• Opcode Fuzzy Hash: 7dd2ae014123b06eef63b9c53e56936419fba7fa5f8998a73dc3ea3e459869a7
• Instruction Fuzzy Hash: CCD13971608241AFC314EF28C881D6BB7E8FF95744F10896DF599CB2A5EB70E905CB92
APIs
• GetForegroundWindow.USER32(?,?,00000000), ref: 008F22E8
  • Part of subcall function 008EE4EC: GetWindowRect.USER32(?,?), ref: 008EE504
• GetDesktopWindow.USER32 ref: 008F2312
• GetWindowRect.USER32(00000000), ref: 008F2319
• mouse_event.USER32(00008001,?,?,00000002,00000002), ref: 008F2355
• GetCursorPos.USER32(?), ref: 008F2381
• mouse_event.USER32(00008001,?,?,00000000,00000000), ref: 008F23DF
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Window$Rectmouse_event$CursorDesktopForeground
• String ID:
• API String ID: 2387181109-0
• Opcode ID: 76cf34468c87c52e86914c908263a3cbc52177fefaefcd83e7fe653bc48372d8
• Instruction ID: 8d6873eb9f0265b7d6f968025b1c5aa8d0fd5ba72436382ec757c9690e64dd7f
• Opcode Fuzzy Hash: 76cf34468c87c52e86914c908263a3cbc52177fefaefcd83e7fe653bc48372d8
• Instruction Fuzzy Hash: BC31B0B2509319AFD720DF64C849F6BBBA9FF84314F000A19F985D7291DB74E909CB92
APIs
  • Part of subcall function 00879CB3: _wcslen.LIBCMT ref: 00879CBD
• FindFirstFileW.KERNEL32(00000001,?,*.*,?,?,00000000,00000000), ref: 008E9B78
• FindClose.KERNEL32(00000000,?,00000000,00000000), ref: 008E9C8B
  • Part of subcall function 008E3874: GetInputState.USER32 ref: 008E38CB
  • Part of subcall function 008E3874: PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 008E3966
• Sleep.KERNEL32(0000000A,?,00000000,00000000), ref: 008E9BA8
• FindNextFileW.KERNEL32(?,?,?,00000000,00000000), ref: 008E9C75
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Find$File$CloseFirstInputMessageNextPeekSleepState_wcslen
• String ID: *.*
• API String ID: 1972594611-438819550
• Opcode ID: 054272ad7c23ad1b5b50de65127aa711b18180652fa1010a53ce2ff7d1dc79c5
• Instruction ID: 2c602eb2dbf7d44bfa45084ad0f1bac22d57de739eae964c6621f20cd32ffe70
• Opcode Fuzzy Hash: 054272ad7c23ad1b5b50de65127aa711b18180652fa1010a53ce2ff7d1dc79c5
• Instruction Fuzzy Hash: 55418371904249AFCF14EF69C885AEEBBB4FF46310F248155E455E2191EB70DE84CF61
APIs
  • Part of subcall function 00889BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00889BB2
• DefDlgProcW.USER32(?,?,?,?,?), ref: 00889A4E
• GetSysColor.USER32(0000000F), ref: 00889B23
• SetBkColor.GDI32(?,00000000), ref: 00889B36
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Color$LongProcWindow
• String ID:
• API String ID: 3131106179-0
• Opcode ID: 597d25afafa4c359cce51860948bdd6696e497da8a349d7cef792962419663ed
• Instruction ID: 62563c771deb52f2d82fcc43ba63a6efff6b930c9a6ca2cdc2d263924c2c94f9
• Opcode Fuzzy Hash: 597d25afafa4c359cce51860948bdd6696e497da8a349d7cef792962419663ed
• Instruction Fuzzy Hash: CDA11B70218428BEE72CBA2C9C49F7B36ADFB82354B18410DF582D6AD2CA35DD41D772
APIs
  • Part of subcall function 008F304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 008F307A
  • Part of subcall function 008F304E: _wcslen.LIBCMT ref: 008F309B
• socket.WSOCK32(00000002,00000002,00000011,?,?,00000000), ref: 008F185D
• WSAGetLastError.WSOCK32 ref: 008F1884
• bind.WSOCK32(00000000,?,00000010), ref: 008F18DB
• WSAGetLastError.WSOCK32 ref: 008F18E6
• closesocket.WSOCK32(00000000), ref: 008F1915
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$_wcslenbindclosesocketinet_addrsocket
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1601658205-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 65dd6143fb7663e7c6d415440f76b85dfadc412d77a0876bdbc75b1590352034
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: c0a7c2f08af0e639619a7ed9af94253233efab150cfcc8481241fbf295b6c163
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 65dd6143fb7663e7c6d415440f76b85dfadc412d77a0876bdbc75b1590352034
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7951A371A002049FDB10AF28C886F3A77A5FB45718F14C058F9099F397DB71ED418BA2
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$EnabledForegroundIconicVisibleZoomed
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 292994002-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: a1af63b4ddd1dc4eb53fe5802c86acfdfb5c27b890794fac2ac21d1b18fd99da
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 0c8d909a05cc784c0fb9512e6c839506e5b0032f636088904567cb227032b55e
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a1af63b4ddd1dc4eb53fe5802c86acfdfb5c27b890794fac2ac21d1b18fd99da
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6D2174717442115FE7208F2AC884B5A7BE9FF95315F198059E88ACB3D1CB75EC42DB90
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID: ERCP$VUUU$VUUU$VUUU$VUUU
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 0-1546025612
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 4acfdb28180906a825ead8aa434bf8643048d8576ef558719f3973d2b76c1543
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 25373d4dfa6fedc39a9d93a1d27cd8250f0573510e06d070b5af64565693f878
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4acfdb28180906a825ead8aa434bf8643048d8576ef558719f3973d2b76c1543
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CEA24871A4061ACBDF24CF58C8447EEB7B1FB54314F2481AAE819E7389EB74DD918B90
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetKeyboardState.USER32(?,00000001,00000040,00000000), ref: 008DAAAC
                                                                                                                                                                                                                                                                                                                                                                        • SetKeyboardState.USER32(00000080), ref: 008DAAC8
                                                                                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000102,00000001,00000001), ref: 008DAB36
                                                                                                                                                                                                                                                                                                                                                                        • SendInput.USER32(00000001,?,0000001C,00000001,00000040,00000000), ref: 008DAB88
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: KeyboardState$InputMessagePostSend
• String ID:
• API String ID: 432972143-0
• Opcode ID: 726455193f199a47c210d5c3dfca57d19728961731e73c86947db5f9ef3cf4fc
• Instruction ID: 4703af49c4bbb4a426e1b15323b6dfde88a26a654547e871010164657e8b8a75
• Opcode Fuzzy Hash: 726455193f199a47c210d5c3dfca57d19728961731e73c86947db5f9ef3cf4fc
• Instruction Fuzzy Hash: 4E31E770A40258AEEB398B688C05BFE7BA6FB45330F24431BF581D63D1D7758982D762
APIs
• InternetReadFile.WININET(?,?,00000400,?), ref: 008ECE89
• GetLastError.KERNEL32(?,00000000), ref: 008ECEEA
• SetEvent.KERNEL32(?,?,00000000), ref: 008ECEFE
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: ErrorEventFileInternetLastRead
• String ID:
• API String ID: 234945975-0
• Opcode ID: 8f294e1ace75a6c58ec1da3b95103b0c9b52dcf5d9b65fc13d1a399af8765cac
• Instruction ID: 41f0a5accb6e02a6aa58a9b34500942c8f551d2d98f7cf13c90711ced5247e62
• Opcode Fuzzy Hash: 8f294e1ace75a6c58ec1da3b95103b0c9b52dcf5d9b65fc13d1a399af8765cac
• Instruction Fuzzy Hash: E221BDB1904306AFDB20DFA6C949BAA7BF8FB42318F10441EE546D2151EB70EE069B60
APIs
• lstrlenW.KERNEL32(?,?,?,00000000), ref: 008D82AA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: lstrlen
• String ID: ($|
• API String ID: 1659193697-1631851259
• Opcode ID: c7d096f0b0562656a50f5ca385dc04ea738edc38754fd4a348a4c01aa63f5fd8
• Instruction ID: 27926c36e77c57f9ab36c61b042b62fe2a6a3b06a0e612a004275058ddb5f7d6
• Opcode Fuzzy Hash: c7d096f0b0562656a50f5ca385dc04ea738edc38754fd4a348a4c01aa63f5fd8
• Instruction Fuzzy Hash: E1322474A00605DFCB28CF59C481A6AB7F1FF48720B15C56EE59ADB3A1EB70E941CB44
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 008E5CC1
• FindNextFileW.KERNEL32(00000000,?), ref: 008E5D17
• FindClose.KERNEL32(?), ref: 008E5D5F
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Find$File$CloseFirstNext
• String ID:
• API String ID: 3541575487-0
• Opcode ID: de017e0ba2c0b2f84e8f949ee32c89fa9d0d462be21973671686dd16c39b2844
• Instruction ID: 423cc0d6b33540b18d2c5d5c3294fe3ee1f944036c8cc68777beed64e1e89b56
• Opcode Fuzzy Hash: de017e0ba2c0b2f84e8f949ee32c89fa9d0d462be21973671686dd16c39b2844
• Instruction Fuzzy Hash: 93518A74604A419FC714DF29C894A9AB7E4FF4A318F14856DE96ACB3A2CB30ED44CB91
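The function records in this part of the report are machine-generated, and triage usually means pulling them into a structure rather than reading them one by one. The following is an added example, not Joe Sandbox code: a parser for the IDA-plugin record layout (an APIs and/or Strings block, then Memory Dump Source, Joe Sandbox IDA Plugin and Similarity) that collects each function's API chain and similarity metadata, groups records by Instruction Fuzzy Hash, and tags API chains an analyst would look at twice. The sample text is constructed from records on this page with the leading whitespace and link text stripped. The chain labels are the editor's, not the report's; in particular the caveat that the IsDebuggerPresent, SetUnhandledExceptionFilter(NULL), UnhandledExceptionFilter triad is the shape of the MSVC CRT's own fault-reporting routine, and so a frequent anti-debug false positive, is an analyst's heuristic to verify against the disassembly, not a finding the report makes.

```python
"""Parse Joe Sandbox IDA-plugin function records and tag notable API chains.

Added example, not Joe Sandbox code. The record layout follows the report:
an "APIs" and/or "Strings" block, then "Memory Dump Source",
"Joe Sandbox IDA Plugin" and "Similarity" (ending in "Instruction Fuzzy Hash").
"""
import re
from dataclasses import dataclass, field

# Constructed sample in the report's layout (whitespace and "Download File"
# link text stripped); values mirror three records from this report.
SAMPLE = """\
APIs
• FindFirstFileW.KERNEL32(?,?), ref: 008E5CC1
• FindNextFileW.KERNEL32(00000000,?), ref: 008E5D17
• FindClose.KERNEL32(?), ref: 008E5D5F
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Find$File$CloseFirstNext
• String ID:
• API String ID: 3541575487-0
• Instruction Fuzzy Hash: 93518A74604A419FC714DF29C894A9AB7E4FF4A318F14856DE96ACB3A2CB30ED44CB91
APIs
• lstrlenW.KERNEL32(?,?,?,00000000), ref: 008D82AA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
Similarity
• API ID: lstrlen
• String ID: ($|
• API String ID: 1659193697-1631851259
• Instruction Fuzzy Hash: E1322474A00605DFCB28CF59C481A6AB7F1FF48720B15C56EE59ADB3A1EB70E941CB44
APIs
• IsDebuggerPresent.KERNEL32 ref: 008A271A
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 008A2724
• UnhandledExceptionFilter.KERNEL32(?), ref: 008A2731
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
"""

# "• Name.MODULE(args), ref: ADDR"; the parenthesised args and comma are optional.
API_RE = re.compile(
    r"^• (?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>[^)]*)\))?,? ref: (?P<addr>[0-9A-Fa-f]+)$"
)
KV_RE = re.compile(r"^• (?P<key>[A-Za-z ]+?): ?(?P<value>.*)$")
HEADERS = {"APIs", "Strings", "Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}


@dataclass
class FunctionRecord:
    apis: list = field(default_factory=list)        # (name, module, args, ref)
    strings: list = field(default_factory=list)
    associated: list = field(default_factory=list)  # associated memory dumps
    meta: dict = field(default_factory=dict)        # Source File, API ID, hashes...

    @property
    def api_names(self):
        return [name for name, _, _, _ in self.apis]


def parse_records(text):
    """Split report text into FunctionRecords; a leading partial record is skipped."""
    records, cur, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line in HEADERS:
            # A record opens at "APIs", or at "Strings" when no record is still
            # collecting its API block (meta is only filled after those blocks).
            if line == "APIs" or (line == "Strings" and (cur is None or cur.meta)):
                cur = FunctionRecord()
                records.append(cur)
            section = line
            continue
        if cur is None:
            continue
        if section == "APIs":
            m = API_RE.match(line)
            if m:
                cur.apis.append((m["name"], m["module"], m["args"] or "", m["addr"]))
        elif section == "Strings":
            cur.strings.append(line[1:].strip())
        else:
            m = KV_RE.match(line)
            if m and m["key"] == "Associated":
                cur.associated.append(m["value"].strip())
            elif m:
                cur.meta[m["key"]] = m["value"].strip()
    return records


# Analyst heuristics (editor's labels, not the report's): a chain is tagged when
# every API in the set appears in the record.
KNOWN_CHAINS = [
    ({"IsDebuggerPresent", "SetUnhandledExceptionFilter", "UnhandledExceptionFilter"},
     "MSVC CRT fault-reporting shape (SetUnhandledExceptionFilter(NULL) then "
     "UnhandledExceptionFilter); verify in disassembly before calling it anti-debug"),
    ({"FindFirstFileW", "FindNextFileW", "FindClose"}, "directory enumeration"),
    ({"InternetReadFile"}, "WinINet download loop"),
]


def tag_chains(rec):
    present = set(rec.api_names)
    return [label for needed, label in KNOWN_CHAINS if needed <= present]


def index_by_fuzzy_hash(records):
    """Group by Instruction Fuzzy Hash so one function dumped from several
    memory regions collapses to a single entry for similarity triage."""
    index = {}
    for rec in records:
        h = rec.meta.get("Instruction Fuzzy Hash")
        if h:
            index.setdefault(h, []).append(rec)
    return index


if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        print(" -> ".join(rec.api_names) or "(no APIs)", "|", "; ".join(tag_chains(rec)) or "-")
```

Feed it the text of a whole report page and the fuzzy-hash index shows how many distinct functions the hundreds of records really represent; extend KNOWN_CHAINS with the chains that matter for the case at hand.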
APIs
• IsDebuggerPresent.KERNEL32 ref: 008A271A
• SetUnhandledExceptionFilter.KERNEL32(00000000), ref: 008A2724
• UnhandledExceptionFilter.KERNEL32(?), ref: 008A2731
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ExceptionFilterUnhandled$DebuggerPresent
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3906539128-0
APIs
• SetErrorMode.KERNEL32(00000001), ref: 008E51DA
• GetDiskFreeSpaceExW.KERNEL32(?,?,?,?), ref: 008E5238
• SetErrorMode.KERNEL32(00000000), ref: 008E52A1
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: ErrorMode$DiskFreeSpace
• String ID:
• API String ID: 1682464887-0
APIs
  • Part of subcall function 0088FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00890668
  • Part of subcall function 0088FDDB: __CxxThrowException@8.LIBVCRUNTIME ref: 00890685
• LookupPrivilegeValueW.ADVAPI32(00000000,00000000,00000004), ref: 008D170D
• AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,?,00000000,?), ref: 008D173A
• GetLastError.KERNEL32 ref: 008D174A
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Exception@8Throw$AdjustErrorLastLookupPrivilegePrivilegesTokenValue
• String ID:
• API String ID: 577356006-0
APIs
• CreateFileW.KERNEL32(?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 008DD608
• DeviceIoControl.KERNEL32(00000000,002D1400,?,0000000C,?,00000028,?,00000000), ref: 008DD645
• CloseHandle.KERNEL32(?,?,00000080,00000003,00000000,00000003,00000080,00000000), ref: 008DD650
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: CloseControlCreateDeviceFileHandle
• String ID:
• API String ID: 33631002-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • AllocateAndInitializeSid.ADVAPI32(?,00000002,00000020,00000220,00000000,00000000,00000000,00000000,00000000,00000000,?,?), ref: 008D168C
                                                                                                                                                                                                                                                                                                                                                                        • CheckTokenMembership.ADVAPI32(00000000,?,?), ref: 008D16A1
                                                                                                                                                                                                                                                                                                                                                                        • FreeSid.ADVAPI32(?), ref: 008D16B1
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: AllocateCheckFreeInitializeMembershipToken
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3429775523-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: b522c37ea033248ed020688d65433e7a0b6fb312b95bc025831bd75a88dfe316
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 120f1e9697350f59ba9f96a1ca799b1c3871bf90ea25b6ed4a3dbc7bdce7d3fe
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b522c37ea033248ed020688d65433e7a0b6fb312b95bc025831bd75a88dfe316
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A5F0F4B1950309FFEF00DFE49D89AAEBBBCFB08604F504665E501E2181E774AA449A50
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID: /
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 0-2043925204
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f9432f8f68c45c7ecd894f4060e978fc5191903ddf488e017aac16dd434d2d40
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 1b3541fdb14b96967389a491fffe4121c9b70b1b76f4e6cb3e03e730cb75ac0c
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f9432f8f68c45c7ecd894f4060e978fc5191903ddf488e017aac16dd434d2d40
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 95414776900618AFEF209FB9CC48EBB77B8FB86314F1042A9F905D7680E6709D80CB50
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 6df62eff897fea677e31b1417e8011e20c5b0cb7f9535fae5d6cc56799a804fb
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2fbdbeface8d474e65e3d830227d731b015bc4fe83c76ff0107a9da6199ccf29
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 31021D71E002199FDF14DFA9C9906ADFBF1FF48314F298169E819EB384D731AA418B94
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • FindFirstFileW.KERNEL32(?,?), ref: 008E6918
                                                                                                                                                                                                                                                                                                                                                                        • FindClose.KERNEL32(00000000), ref: 008E6961
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Find$CloseFileFirst
• String ID:
• API String ID: 2295610775-0
• Opcode ID: 0f026cc7049b516e9ac0e288937bdb53122a16f250bafec3f5d98cce66a073a1
• Instruction ID: 399f63ecc0f0838b49754a917ba991d1ef861aae114c24522bf03b5e828f2053
• Opcode Fuzzy Hash: 0f026cc7049b516e9ac0e288937bdb53122a16f250bafec3f5d98cce66a073a1
• Instruction Fuzzy Hash: FE1190716142409FC710DF2AD484A1ABBE5FF85328F14C69DE469CF6A2DB30EC05CB91
APIs
• GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,008F4891,?,?,00000035,?), ref: 008E37E4
• FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,008F4891,?,?,00000035,?), ref: 008E37F4
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: ErrorFormatLastMessage
• String ID:
• API String ID: 3479602957-0
• Opcode ID: ea3a5f6b2e4620c0d8623d44d201b8e65e3c79fd1e719a2865764cc58d32dd52
• Instruction ID: 5e5268195f7dff8b27d5dfec67ca359b85023e6e397074c06a4d367e341c069a
• Opcode Fuzzy Hash: ea3a5f6b2e4620c0d8623d44d201b8e65e3c79fd1e719a2865764cc58d32dd52
• Instruction Fuzzy Hash: 0BF0E5B16052292AEB20176B8C4DFEB3AAEFFC5765F000275F509E3281D9609D04C6B1
APIs
• SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 008DB25D
• keybd_event.USER32(?,7608C0D0,?,00000000), ref: 008DB270
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: InputSendkeybd_event
• String ID:
• API String ID: 3536248340-0
• Opcode ID: e9b8688fa0d5fc64f3eb707af6bb28c7838bca7dd271425e1f459a7a86b1bca8
• Instruction ID: c08c2f5c8afd52d7317e70df5e97740251da5bf107efd12efeb20a46f88c3ebe
• Opcode Fuzzy Hash: e9b8688fa0d5fc64f3eb707af6bb28c7838bca7dd271425e1f459a7a86b1bca8
• Instruction Fuzzy Hash: 2EF01D7581424DAFDB059FA0C805BAE7BB4FF04309F00810AF955E6291C37996119F94
APIs
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008D11FC), ref: 008D10D4
• CloseHandle.KERNEL32(?,?,008D11FC), ref: 008D10E9
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: AdjustCloseHandlePrivilegesToken
• String ID:
• API String ID: 81990902-0
• Opcode ID: 8ec50978f26c7cb3b6d690e244d40406ec6b63ff7117caf1557607c38c438f22
• Instruction ID: fe2733f254cf92e79770933e678cba925e0f475acc39eb3ae1abe0cca36936da
• Opcode Fuzzy Hash: 8ec50978f26c7cb3b6d690e244d40406ec6b63ff7117caf1557607c38c438f22
• Instruction Fuzzy Hash: 01E04F72018600EEEB252B15FC09E7377A9FF04310B10892EF5A5C04B1DB626CA0EB10
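The per-function API entries above are what an analyst actually triages from this listing: which imports a function chains together and what its call-site stack looks like. The following Python is an added example, not Joe Sandbox's own code and not part of this report. It parses entries in the listing format shown above (an "APIs" header followed by "• Api.MODULE(args), ref: addr" lines, then field lines), splits each call into API name, module, stack slots and call-site address, and applies a small behaviour-tag table. The tag table, tag names and the helper names are this example's own assumptions, not Joe Sandbox's signature logic; the sample text is copied from the three complete entries above. It also reads the second stack slot of AdjustTokenPrivileges as DisableAllPrivileges, assuming the listed slots are the call's parameters in order.

```python
"""Parse per-function 'APIs' entries from a Joe Sandbox IDA Plugin listing
and tag each function with coarse, heuristic behaviour labels."""
import re
from dataclasses import dataclass, field

# "• Api.MODULE(arg,arg,...), ref: ADDR" as it appears in the listing
API_LINE = re.compile(
    r"^•\s*(?P<api>\w+)\.(?P<module>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$")
# "• Key: value" field lines (Similarity / Memory Dump Source sections)
FIELD_LINE = re.compile(r"^•\s*(?P<key>[^:]+):\s*(?P<val>.*)$")
SECTION_HEADERS = {"Memory Dump Source", "Joe Sandbox IDA Plugin", "Similarity"}

# Heuristic tags chosen for this example (assumption, not Joe Sandbox's rules).
TAGS = {
    "synthetic_input": {"SendInput", "keybd_event", "mouse_event"},
    "token_privilege_adjust": {"AdjustTokenPrivileges"},
    "error_text": {"GetLastError", "FormatMessageW"},
    "directory_enum": {"FindFirstFileW", "FindFirstFileA", "FindClose"},
}


@dataclass
class ApiCall:
    api: str
    module: str
    args: list      # raw stack slots as printed ("?" = unresolved)
    ref: int        # call-site address


@dataclass
class FunctionEntry:
    calls: list = field(default_factory=list)
    fields: dict = field(default_factory=dict)   # key -> [values], first kept first


def parse_api_line(line):
    """Return an ApiCall for one '• Api.MODULE(...), ref: ...' line, else None."""
    m = API_LINE.match(line.strip())
    if not m:
        return None
    args = m.group("args").split(",") if m.group("args") else []
    return ApiCall(m.group("api"), m.group("module"), args, int(m.group("ref"), 16))


def parse_entries(text):
    """Split a listing into FunctionEntry objects, one per 'APIs' header."""
    entries, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line == "APIs":
            current = FunctionEntry()
            entries.append(current)
            section = "apis"
            continue
        if current is None:
            continue
        if line in SECTION_HEADERS:
            section = line
            continue
        if section == "apis":
            call = parse_api_line(line)
            if call:
                current.calls.append(call)
            continue
        m = FIELD_LINE.match(line)
        if m:
            # strip the "Download File" link residue that extraction glues on
            val = m.group("val").strip().removesuffix("Download File").strip()
            current.fields.setdefault(m.group("key").strip(), []).append(val)
    return entries


def tag_entry(entry):
    """Sorted heuristic tags for the APIs a function calls."""
    names = {c.api for c in entry.calls}
    return sorted(tag for tag, apis in TAGS.items() if names & apis)


def adjust_token_disables_all(call):
    """DisableAllPrivileges (2nd slot) of an AdjustTokenPrivileges call.
    Returns None when the call is not AdjustTokenPrivileges or the slot is unresolved."""
    if call.api != "AdjustTokenPrivileges" or len(call.args) < 2 or call.args[1] == "?":
        return None
    return int(call.args[1], 16) != 0


def summarize(text):
    """Map each entry's 'API ID' to its tags; entries without an API ID use the call-site ref."""
    out = {}
    for e in parse_entries(text):
        key = e.fields.get("API ID", [None])[0] or f"ref_{e.calls[0].ref:08X}"
        out[key] = tag_entry(e)
    return out


# Sample copied from the three complete entries in this report (constructed file, embedded inline).
SAMPLE = """\
APIs
• GetLastError.KERNEL32(00000000,?,00000FFF,00000000,?,?,?,008F4891,?,?,00000035,?), ref: 008E37E4
• FormatMessageW.KERNEL32(00001000,00000000,?,00000000,?,00000FFF,00000000,?,?,?,008F4891,?,?,00000035,?), ref: 008E37F4
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
Similarity
• API ID: ErrorFormatLastMessage
APIs
• SendInput.USER32(00000001,?,0000001C,?,?,00000002), ref: 008DB25D
• keybd_event.USER32(?,7608C0D0,?,00000000), ref: 008DB270
Similarity
• API ID: InputSendkeybd_event
APIs
• AdjustTokenPrivileges.ADVAPI32(?,00000000,?,00000000,00000000,00000000,?,008D11FC), ref: 008D10D4
• CloseHandle.KERNEL32(?,?,008D11FC), ref: 008D10E9
Similarity
• API ID: AdjustCloseHandlePrivilegesToken
"""

if __name__ == "__main__":
    for api_id, tags in summarize(SAMPLE).items():
        print(f"{api_id}: {', '.join(tags) or '-'}")
```

Two things the parsed slots let you check without opening the dump: the SendInput call's third slot is 0x1C (28), which is sizeof(INPUT) for a 32-bit process and so consistent with the 0x870000 image base being a 32-bit image; and the AdjustTokenPrivileges call passes 0 for DisableAllPrivileges, so it is setting the specific privileges named in NewState rather than dropping all of them.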
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • RaiseException.KERNEL32(C000000D,00000000,00000001,?,?,00000008,?,?,008A6766,?,?,00000008,?,?,008AFEFE,00000000), ref: 008A6998
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: ExceptionRaise
• String ID:
• API String ID: 3997070919-0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID:
• String ID:
• API String ID: 0-3916222277
APIs
• BlockInput.USER32(00000001), ref: 008EEABD
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: BlockInput
• String ID:
• API String ID: 3456056419-0
APIs
• SetUnhandledExceptionFilter.KERNEL32(Function_000209E1,008903EE), ref: 008909DA
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: ExceptionFilterUnhandled
• String ID:
• API String ID: 3192549508-0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID:
• String ID: 0
• API String ID: 0-4108050209
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 105b450523e1649301ffa90e137fbbd2545c2f16bb718132ab4ff5bb287f466e
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9084b4e029052128895840c3c28e948f6724b1d83b91d22a18243ac96ad56844
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D951696163C64A9BDF38752C885D7BE2BC5FB12348F1C0539E882E7682C619DE02D35E
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 89d5a8e90960c8f1d2ba8e33c6308e8977bf94e22675592eb2d05fdde4f66e38
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 1b0cba2d3fa15c0dbeba15f5be1d8efd7691bb5841c057fc75cc0625c0f53cec
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 89d5a8e90960c8f1d2ba8e33c6308e8977bf94e22675592eb2d05fdde4f66e38
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8332D022E2DF414DE7239634DC22326A649EFB73C5F15D737E81AB5DA5EB29C483A100
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 2a039471da09ba94f2fcf04afa7001cb0c6ce103b1bb2b5016f0ddc1e6fb4488
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: a5271d885d2b0550bf15e097e8bb1f8ac2663c1a87e9888dfed51afaacd8af1e
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2a039471da09ba94f2fcf04afa7001cb0c6ce103b1bb2b5016f0ddc1e6fb4488
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 07321132A041198BCF28CE29C494F7DBBB2FB45314F28856ED88ECB695D234DD81EB51
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: a576f4c309716f74f06d5a9b18683a21e25bb7939589229814b1f0fdc47b99b9
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 27c35ca02b0a6ceef9c1cfbd93ae8ea88eaef3d44ca4d800402790c176930c7c
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a576f4c309716f74f06d5a9b18683a21e25bb7939589229814b1f0fdc47b99b9
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B522ADB0A0460A9FDF14DFA8C881AEEB7B5FF48314F148529E816E7395EB35E910CB51
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
• String ID:
• API String ID:
• Opcode ID: 83a2b8555908e5a8132814c9777b81aad7e9a2c812c8db7da76e764339072038
• Instruction ID: 685bd8c70cad02d24edb7cb07262983dfdfe3bd63c06b902cf231f36a7a8af5d
• Opcode Fuzzy Hash: 83a2b8555908e5a8132814c9777b81aad7e9a2c812c8db7da76e764339072038
• Instruction Fuzzy Hash: 9802B5B0A10119EFDB04DF58D881AEEB7B5FF54304F108169E95ADB395EB31EA20CB91
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
• Instruction ID: a074150c2dd5fb59358b569a7ec250fd691d23945d908b4731851ed8eb43c215
• Opcode Fuzzy Hash: 93657a121f16255c59120ad0d08fdbba6372c273009ad596b4ecdf6e8f3c6909
• Instruction Fuzzy Hash: 4691667220D0A34ADF2D563A857C03EFFE1EA923A535E079DD4F2CA1C5EE24D954D620
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
• Instruction ID: a340619519cbb46b2fa361b0810d7d85faf80f03e968c65e90b42354c0bab351
• Opcode Fuzzy Hash: 40101273f58913c3cb3bc7eb54df01d47b4121c3e67d19f11ec2cb23d33ea445
• Instruction Fuzzy Hash: 1891327220D0A34EDF69567A857C03DFFE1EA923B635E079ED4F2CA1C1FE2489549620
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c88912d78f17b9f7e76a7e7888c5e540673094bc27063998412c1867103ad44f
• Instruction ID: f91c3c07ee2af0abcd856d2d7e404d97143fd8be0754761141577203fe9e8c7a
• Opcode Fuzzy Hash: c88912d78f17b9f7e76a7e7888c5e540673094bc27063998412c1867103ad44f
• Instruction Fuzzy Hash: 2761897133871A96DE38BA2C8C95BBE23D5FF42768F1C091AE943DB281D6119E42C356
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: d03d44300341ae8107b29ad537ea03f0fe37ad3e27bb54be6a3212d7755711ef
• Instruction ID: 2ae9cd3516b8a21a1cbb27b87475cb178e3065e9e9464a80a4934eccf0bf9820
• Opcode Fuzzy Hash: d03d44300341ae8107b29ad537ea03f0fe37ad3e27bb54be6a3212d7755711ef
• Instruction Fuzzy Hash: 0D61697173C70997DE387A2C8855BBF2394FF42B08F1C0959E943DB685EA12AD428356
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 77bcab7ab5f2550ddafc6b94928308da9144f2564d37e161bfa6986ace8766b8
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 70da388f96bbbf26b230a155b4728740b34f0d100ea60ab2bbadb9d7d0befbf0
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6081737260C0A309DF6D527A857C03EFFE1FA923A135E07ADD4F2CA1C5EE248554E620
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 105625d196adb4cacc2b8cf326e0780631eaf0d45eebb35ffc3e5cf000b08b56
• Instruction ID: 6993a225497bb729d2b222709f5de7219772f2010995d7905d0f5705717935d9
• Opcode Fuzzy Hash: 105625d196adb4cacc2b8cf326e0780631eaf0d45eebb35ffc3e5cf000b08b56
• Instruction Fuzzy Hash: 1C21A8326206158BD728CF79C81267A73E9F755310F55862EE4A7C37D0DE35A904DB80
APIs
• DeleteObject.GDI32(00000000), ref: 008F2B30
• DeleteObject.GDI32(00000000), ref: 008F2B43
• DestroyWindow.USER32 ref: 008F2B52
• GetDesktopWindow.USER32 ref: 008F2B6D
• GetWindowRect.USER32(00000000), ref: 008F2B74
• SetRect.USER32(?,00000000,00000000,00000007,00000002), ref: 008F2CA3
• AdjustWindowRectEx.USER32(?,88C00000,00000000,?), ref: 008F2CB1
• CreateWindowExW.USER32(?,AutoIt v3,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 008F2CF8
• GetClientRect.USER32(00000000,?), ref: 008F2D04
• CreateWindowExW.USER32(00000000,static,00000000,5000000E,00000000,00000000,?,?,00000000,00000000,00000000), ref: 008F2D40
• CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 008F2D62
• GetFileSize.KERNEL32(00000000,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 008F2D75
• GlobalAlloc.KERNEL32(00000002,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 008F2D80
• GlobalLock.KERNEL32(00000000), ref: 008F2D89
• ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 008F2D98
• GlobalUnlock.KERNEL32(00000000), ref: 008F2DA1
• CloseHandle.KERNEL32(00000000,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 008F2DA8
• GlobalFree.KERNEL32(00000000), ref: 008F2DB3
• CreateStreamOnHGlobal.OLE32(00000000,00000001,?,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 008F2DC5
• OleLoadPicture.OLEAUT32(?,00000000,00000000,0090FC38,00000000), ref: 008F2DDB
• GlobalFree.KERNEL32(00000000), ref: 008F2DEB
• CopyImage.USER32(00000007,00000000,00000000,00000000,00002000), ref: 008F2E11
• SendMessageW.USER32(00000000,00000172,00000000,00000007), ref: 008F2E30
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,?,?,00000020,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 008F2E52
• ShowWindow.USER32(00000004,?,88C00000,000000FF,000000FF,?,?,00000000,00000000,00000000), ref: 008F303F
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Window$Global$CreateRect$File$DeleteFreeObject$AdjustAllocClientCloseCopyDesktopDestroyHandleImageLoadLockMessagePictureReadSendShowSizeStreamUnlock
• String ID: $AutoIt v3$DISPLAY$static
• API String ID: 2211948467-2373415609
• Opcode ID: aad809456f245fd59cd0b13bc4ee62ff8417c3132265e841d57eaf39b6a76426
• Instruction ID: 276de968b6450524c39d4666502bd9f60418d6521995a36295bf0aec4526aad7
• Opcode Fuzzy Hash: aad809456f245fd59cd0b13bc4ee62ff8417c3132265e841d57eaf39b6a76426
• Instruction Fuzzy Hash: F9026BB5510209AFDB14DF68CC89EAE7BB9FB49714F108218F915EB2A1CB70ED01DB60
APIs
• SetTextColor.GDI32(?,00000000), ref: 0090712F
• GetSysColorBrush.USER32(0000000F), ref: 00907160
• GetSysColor.USER32(0000000F), ref: 0090716C
• SetBkColor.GDI32(?,000000FF), ref: 00907186
• SelectObject.GDI32(?,?), ref: 00907195
                                                                                                                                                                                                                                                                                                                                                                        • InflateRect.USER32(?,000000FF,000000FF), ref: 009071C0
                                                                                                                                                                                                                                                                                                                                                                        • GetSysColor.USER32(00000010), ref: 009071C8
                                                                                                                                                                                                                                                                                                                                                                        • CreateSolidBrush.GDI32(00000000), ref: 009071CF
                                                                                                                                                                                                                                                                                                                                                                        • FrameRect.USER32(?,?,00000000), ref: 009071DE
                                                                                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 009071E5
                                                                                                                                                                                                                                                                                                                                                                        • InflateRect.USER32(?,000000FE,000000FE), ref: 00907230
                                                                                                                                                                                                                                                                                                                                                                        • FillRect.USER32(?,?,?), ref: 00907262
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00907284
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 009073E8: GetSysColor.USER32(00000012), ref: 00907421
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 009073E8: SetTextColor.GDI32(?,?), ref: 00907425
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 009073E8: GetSysColorBrush.USER32(0000000F), ref: 0090743B
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 009073E8: GetSysColor.USER32(0000000F), ref: 00907446
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 009073E8: GetSysColor.USER32(00000011), ref: 00907463
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 009073E8: CreatePen.GDI32(00000000,00000001,00743C00), ref: 00907471
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 009073E8: SelectObject.GDI32(?,00000000), ref: 00907482
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 009073E8: SetBkColor.GDI32(?,00000000), ref: 0090748B
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 009073E8: SelectObject.GDI32(?,?), ref: 00907498
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 009073E8: InflateRect.USER32(?,000000FF,000000FF), ref: 009074B7
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 009073E8: RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 009074CE
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 009073E8: GetWindowLongW.USER32(00000000,000000F0), ref: 009074DB
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Color$Rect$Object$BrushInflateSelect$CreateLongTextWindow$DeleteFillFrameRoundSolid
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4124339563-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 0ed2880dcee7a75ea5a4390a47369526dbc57a528423ce851b9ab01573bd23d7
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: f152102da4dba74fe6677f13227c15cbd1bf4ff6ef63ced6ceddf38adbdb9f4c
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0ed2880dcee7a75ea5a4390a47369526dbc57a528423ce851b9ab01573bd23d7
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E4A19EB241C301AFDB109FA4DC48A6BBBA9FF89331F100B19F962961E1D735E944DB51
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • DestroyWindow.USER32(?,?), ref: 00888E14
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001308,?,00000000), ref: 008C6AC5
                                                                                                                                                                                                                                                                                                                                                                        • ImageList_Remove.COMCTL32(?,000000FF,?), ref: 008C6AFE
                                                                                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000000), ref: 008C6F43
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00888F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00888BE8,?,00000000,?,?,?,?,00888BBA,00000000,?), ref: 00888FC5
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001053), ref: 008C6F7F
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 008C6F96
                                                                                                                                                                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(00000000,?), ref: 008C6FAC
                                                                                                                                                                                                                                                                                                                                                                        • ImageList_Destroy.COMCTL32(00000000,?), ref: 008C6FB7
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: DestroyImageList_MessageSend$Window$InvalidateMoveRectRemove
                                                                                                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2760611726-4108050209
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 5569efb5bada4b54b71392b7c0011f39088d2a7341fd96c28738300106c813d9
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: fa5796f59edb7375e824bda5f97e1e27d56ca697ac0cdd8449315358b93196f5
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5569efb5bada4b54b71392b7c0011f39088d2a7341fd96c28738300106c813d9
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CA128834208201EFDB25DF28D884FAAB7B1FB49310F54456DF585CB261DB32E8A2DB91
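The per-function "APIs" listings above are raw data, and when a report runs to thousands of these blocks it pays to parse them rather than read them. The following Python is an added example for this page and is not Joe Sandbox code: it turns lines in the listing's format into records, recovers each function's own call order from the ref addresses (the "Part of subcall function" entries are kept separate), decodes the Win32 window-style constant from WinUser.h, and flags the CreateWindowExW call whose class-name argument is "AutoIt v3", the window class the AutoIt v3 interpreter registers for its hidden main window and the runtime counterpart of this report's "Binary is likely a compiled AutoIt script file" signature. The sample input is copied from this page's listings; the line shapes and helper names are my assumptions.

```python
"""Parse Joe Sandbox per-function "APIs" listings into structured records.

Added example, not Joe Sandbox code. The two line shapes below are assumed
from the listing on this page:
  • API.MODULE(arg,arg,...), ref: ADDRESS
  • Part of subcall function ADDR: API.MODULE(arg,...), ref: ADDRESS
"""
import re
from dataclasses import dataclass, field
from typing import List, Optional

CALL_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)\((?P<args>.*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: int                            # call-site address from "ref:"
    subcall_of: Optional[int] = None    # callee address when listed as "Part of subcall"


@dataclass
class FunctionListing:
    calls: List[ApiCall] = field(default_factory=list)
    fuzzy_hash: str = ""                # "Instruction Fuzzy Hash" value, if the block has one


def parse_call(line: str) -> Optional[ApiCall]:
    m = CALL_RE.match(line)
    if not m:
        return None
    raw = m.group("args").strip()
    args = [a.strip() for a in raw.split(",")] if raw else []
    sub = m.group("sub")
    return ApiCall(m.group("api"), m.group("mod"), args,
                   int(m.group("ref"), 16), int(sub, 16) if sub else None)


def parse_listing(text: str) -> List[FunctionListing]:
    """A function block starts at an 'APIs' header and ends at its
    'Instruction Fuzzy Hash' line; every other line is skipped."""
    funcs: List[FunctionListing] = []
    current: Optional[FunctionListing] = None
    for line in text.splitlines():
        s = line.strip()
        if s == "APIs":
            current = FunctionListing()
            funcs.append(current)
        elif current is None:
            continue
        elif s.startswith("• Instruction Fuzzy Hash:"):
            current.fuzzy_hash = s.split(":", 1)[1].strip()
            current = None
        else:
            call = parse_call(line)
            if call is not None:
                current.calls.append(call)
    return funcs


def direct_sequence(fn: FunctionListing) -> List[str]:
    """APIs the function calls itself, ordered by call-site address."""
    return [c.api for c in sorted(fn.calls, key=lambda c: c.ref) if c.subcall_of is None]


# Win32 window-style bits (WinUser.h). The two-bit WS_CAPTION comes first so it
# is not reported as WS_BORDER + WS_DLGFRAME.
WS_FLAGS = [
    (0x00C00000, "WS_CAPTION"), (0x80000000, "WS_POPUP"), (0x40000000, "WS_CHILD"),
    (0x10000000, "WS_VISIBLE"), (0x08000000, "WS_DISABLED"), (0x04000000, "WS_CLIPSIBLINGS"),
    (0x02000000, "WS_CLIPCHILDREN"), (0x00800000, "WS_BORDER"), (0x00400000, "WS_DLGFRAME"),
    (0x00080000, "WS_SYSMENU"), (0x00040000, "WS_THICKFRAME"),
]


def decode_style(value: int) -> List[str]:
    names, rest = [], value
    for mask, name in WS_FLAGS:
        if rest & mask == mask:
            names.append(name)
            rest &= ~mask
    if rest:
        names.append(f"0x{rest:08X}")   # bits not covered by the table
    return names


def autoit_main_window(fn: FunctionListing) -> Optional[ApiCall]:
    """The CreateWindowExW whose class-name argument is 'AutoIt v3', the class
    the AutoIt v3 interpreter registers for its hidden main window."""
    for c in fn.calls:
        if c.api == "CreateWindowExW" and len(c.args) > 1 and c.args[1] == "AutoIt v3":
            return c
    return None


# Sample input: lines copied from this report's listings (two function blocks).
SAMPLE = """\
APIs
• DestroyWindow.USER32(?,?), ref: 00888E14
• SendMessageW.USER32(?,00001308,?,00000000), ref: 008C6AC5
• ImageList_Remove.COMCTL32(?,000000FF,?), ref: 008C6AFE
• MoveWindow.USER32(?,?,?,?,?,00000000), ref: 008C6F43
  • Part of subcall function 00888F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00888BE8,?,00000000,?,?,?,?,00888BBA,00000000,?), ref: 00888FC5
• SendMessageW.USER32(?,00001053), ref: 008C6F7F
• SendMessageW.USER32(?,00001008,000000FF,00000000), ref: 008C6F96
• ImageList_Destroy.COMCTL32(00000000,?), ref: 008C6FAC
• ImageList_Destroy.COMCTL32(00000000,?), ref: 008C6FB7
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Instruction Fuzzy Hash: CA128834208201EFDB25DF28D884FAAB7B1FB49310F54456DF585CB261DB32E8A2DB91
APIs
• DestroyWindow.USER32(00000000), ref: 008F273E
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 008F286A
• AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 008F28B9
• CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 008F2900
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 008F2955
• GetStockObject.GDI32(00000011), ref: 008F2974
"""

if __name__ == "__main__":
    for i, fn in enumerate(parse_listing(SAMPLE)):
        print(f"function {i}: {' -> '.join(direct_sequence(fn))}")
        hit = autoit_main_window(fn)
        if hit:
            style = "|".join(decode_style(int(hit.args[3], 16)))
            print(f"  AutoIt v3 main window created at {hit.ref:08X}, style {style}")
```

Running the block over the copied sample reports the second function as the AutoIt main-window constructor with style WS_CAPTION|WS_POPUP|WS_DISABLED, which is why that window never becomes visible to the user. The API sequence per function is the same material Joe Sandbox folds into its "API ID" similarity key; the exact key derivation is not reproduced here.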
APIs
• DestroyWindow.USER32(00000000), ref: 008F273E
• SystemParametersInfoW.USER32(00000030,00000000,?,00000000), ref: 008F286A
• SetRect.USER32(?,00000000,00000000,0000012C,?), ref: 008F28A9
• AdjustWindowRectEx.USER32(?,88C00000,00000000,00000008), ref: 008F28B9
• CreateWindowExW.USER32(00000008,AutoIt v3,?,88C00000,000000FF,?,?,?,00000000,00000000,00000000), ref: 008F2900
• GetClientRect.USER32(00000000,?), ref: 008F290C
• CreateWindowExW.USER32(00000000,static,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000), ref: 008F2955
• CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 008F2964
• GetStockObject.GDI32(00000011), ref: 008F2974
                                                                                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(00000000,00000000), ref: 008F2978
                                                                                                                                                                                                                                                                                                                                                                        • GetTextFaceW.GDI32(00000000,00000040,?,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?), ref: 008F2988
                                                                                                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 008F2991
                                                                                                                                                                                                                                                                                                                                                                        • DeleteDC.GDI32(00000000), ref: 008F299A
                                                                                                                                                                                                                                                                                                                                                                        • CreateFontW.GDI32(00000000,00000000,00000000,00000000,00000258,00000000,00000000,00000000,00000001,00000004,00000000,00000002,00000000,?), ref: 008F29C6
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000030,00000000,00000001), ref: 008F29DD
                                                                                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000200,msctls_progress32,00000000,50000001,?,-0000001D,00000104,00000014,00000000,00000000,00000000), ref: 008F2A1D
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000401,00000000,00640000), ref: 008F2A31
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000404,00000001,00000000), ref: 008F2A42
                                                                                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(00000000,static,?,50000000,?,00000041,00000500,-00000027,00000000,00000000,00000000), ref: 008F2A77
                                                                                                                                                                                                                                                                                                                                                                        • GetStockObject.GDI32(00000011), ref: 008F2A82
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000030,00000000,?,50000000), ref: 008F2A8D
                                                                                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(00000004,?,50000000,?,00000004,00000500,-00000017,00000000,00000000,00000000,?,88C00000,000000FF,?,?,?), ref: 008F2A97
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$Create$MessageSend$ObjectRect$Stock$AdjustCapsClientDeleteDestroyDeviceFaceFontInfoParametersSelectShowSystemText
                                                                                                                                                                                                                                                                                                                                                                        • String ID: AutoIt v3$DISPLAY$msctls_progress32$static
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2910397461-517079104
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: b3b1ff1df70eebab397c6c6e9fed0e7712d7d56bf8c287a6599ffca6a1956c75
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 4f69484e124941d7f45cacb02607f708f5202ac6e95f9417cd98e0dd916ab534
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b3b1ff1df70eebab397c6c6e9fed0e7712d7d56bf8c287a6599ffca6a1956c75
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D7B15CB5A50219AFEB14DFA8CC49FAE7BA9FB49710F108214FA14E7290D770ED40DB90
APIs
• SetErrorMode.KERNEL32(00000001), ref: 008E4AED
• GetDriveTypeW.KERNEL32(?,0090CB68,?,\\.\,0090CC08), ref: 008E4BCA
• SetErrorMode.KERNEL32(00000000,0090CB68,?,\\.\,0090CC08), ref: 008E4D36
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: ErrorMode$DriveType
• String ID: 1394$ATA$ATAPI$CDROM$Fibre$FileBackedVirtual$Fixed$MMC$Network$PhysicalDrive$RAID$RAMDisk$Removable$SAS$SATA$SCSI$SSA$SSD$USB$Unknown$Virtual$\\.\$iSCSI
• API String ID: 2907320926-4222207086
• Opcode ID: 34d338d3a82ce1c16a3872ae9f73cac688753dc293e064938ed8719ca3f043b7
• Instruction ID: 49996e6f81d96703908c1d8150ad63584f20e0c3dd71e98db69a2c10db0d5388
• Opcode Fuzzy Hash: 34d338d3a82ce1c16a3872ae9f73cac688753dc293e064938ed8719ca3f043b7
• Instruction Fuzzy Hash: 9F619030609249ABCB14DF29C98296977F1FB86308F34E015F80EEB691DB35ED41DB52
APIs
• GetSysColor.USER32(00000012), ref: 00907421
• SetTextColor.GDI32(?,?), ref: 00907425
• GetSysColorBrush.USER32(0000000F), ref: 0090743B
• GetSysColor.USER32(0000000F), ref: 00907446
• CreateSolidBrush.GDI32(?), ref: 0090744B
• GetSysColor.USER32(00000011), ref: 00907463
• CreatePen.GDI32(00000000,00000001,00743C00), ref: 00907471
• SelectObject.GDI32(?,00000000), ref: 00907482
• SetBkColor.GDI32(?,00000000), ref: 0090748B
• SelectObject.GDI32(?,?), ref: 00907498
• InflateRect.USER32(?,000000FF,000000FF), ref: 009074B7
• RoundRect.GDI32(?,?,?,?,?,00000005,00000005), ref: 009074CE
• GetWindowLongW.USER32(00000000,000000F0), ref: 009074DB
• SendMessageW.USER32(00000000,0000000E,00000000,00000000), ref: 0090752A
• GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00907554
• InflateRect.USER32(?,000000FD,000000FD), ref: 00907572
• DrawFocusRect.USER32(?,?), ref: 0090757D
• GetSysColor.USER32(00000011), ref: 0090758E
• SetTextColor.GDI32(?,00000000), ref: 00907596
• DrawTextW.USER32(?,009070F5,000000FF,?,00000000), ref: 009075A8
                                                                                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,?), ref: 009075BF
                                                                                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 009075CA
                                                                                                                                                                                                                                                                                                                                                                        • SelectObject.GDI32(?,?), ref: 009075D0
                                                                                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 009075D5
                                                                                                                                                                                                                                                                                                                                                                        • SetTextColor.GDI32(?,?), ref: 009075DB
                                                                                                                                                                                                                                                                                                                                                                        • SetBkColor.GDI32(?,?), ref: 009075E5
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Color$Object$Text$RectSelect$BrushCreateDeleteDrawInflateWindow$FocusLongMessageRoundSendSolid
• String ID:
• API String ID: 1996641542-0
APIs
• GetCursorPos.USER32(?), ref: 00901128
• GetDesktopWindow.USER32 ref: 0090113D
• GetWindowRect.USER32(00000000), ref: 00901144
• GetWindowLongW.USER32(?,000000F0), ref: 00901199
• DestroyWindow.USER32(?), ref: 009011B9
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,7FFFFFFD,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 009011ED
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 0090120B
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 0090121D
• SendMessageW.USER32(00000000,00000421,?,?), ref: 00901232
• SendMessageW.USER32(00000000,0000041D,00000000,00000000), ref: 00901245
• IsWindowVisible.USER32(00000000), ref: 009012A1
• SendMessageW.USER32(00000000,00000412,00000000,D8F0D8F0), ref: 009012BC
• SendMessageW.USER32(00000000,00000411,00000001,00000030), ref: 009012D0
• GetWindowRect.USER32(00000000,?), ref: 009012E8
• MonitorFromPoint.USER32(?,?,00000002), ref: 0090130E
• GetMonitorInfoW.USER32(00000000,?), ref: 00901328
• CopyRect.USER32(?,?), ref: 0090133F
• SendMessageW.USER32(00000000,00000412,00000000), ref: 009013AA
Strings
Similarity
• API ID: MessageSendWindow$Rect$Monitor$CopyCreateCursorDesktopDestroyFromInfoLongPointVisible
• String ID: ($0$tooltips_class32
• API String ID: 698492251-4156429822
APIs
• CharUpperBuffW.USER32(?,?), ref: 009002E5
• _wcslen.LIBCMT ref: 0090031F
• _wcslen.LIBCMT ref: 00900389
• _wcslen.LIBCMT ref: 009003F1
• _wcslen.LIBCMT ref: 00900475
• SendMessageW.USER32(?,00001032,00000000,00000000), ref: 009004C5
• SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 00900504
  • Part of subcall function 0088F9F2: _wcslen.LIBCMT ref: 0088F9FD
  • Part of subcall function 008D223F: SendMessageW.USER32(?,00001004,00000000,00000000), ref: 008D2258
  • Part of subcall function 008D223F: SendMessageW.USER32(?,0000102C,00000000,00000002), ref: 008D228A
Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$MessageSend$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                        • String ID: DESELECT$FINDITEM$GETITEMCOUNT$GETSELECTED$GETSELECTEDCOUNT$GETSUBITEMCOUNT$GETTEXT$ISSELECTED$SELECT$SELECTALL$SELECTCLEAR$SELECTINVERT$VIEWCHANGE
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1103490817-719923060
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f7aa96fc1e1b79f71f48af20ca3aad146177d093b3d60ac5b8e948bc5bbd0b2a
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 5590849f486f15c63c1666ccf1f6cbeeee5673565f78c8a9ea4dc5b5ba7c0bce
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f7aa96fc1e1b79f71f48af20ca3aad146177d093b3d60ac5b8e948bc5bbd0b2a
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9EE17C312082018FC724DF28C951A2AB7E6FFD8714F148A5DF89A9B3A5DB31ED45CB52
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 00888968
                                                                                                                                                                                                                                                                                                                                                                        • GetSystemMetrics.USER32(00000007), ref: 00888970
                                                                                                                                                                                                                                                                                                                                                                        • SystemParametersInfoW.USER32(00000030,00000000,000000FF,00000000), ref: 0088899B
                                                                                                                                                                                                                                                                                                                                                                        • GetSystemMetrics.USER32(00000008), ref: 008889A3
                                                                                                                                                                                                                                                                                                                                                                        • GetSystemMetrics.USER32(00000004), ref: 008889C8
                                                                                                                                                                                                                                                                                                                                                                        • SetRect.USER32(000000FF,00000000,00000000,000000FF,000000FF), ref: 008889E5
                                                                                                                                                                                                                                                                                                                                                                        • AdjustWindowRectEx.USER32(000000FF,?,00000000,?), ref: 008889F5
                                                                                                                                                                                                                                                                                                                                                                        • CreateWindowExW.USER32(?,AutoIt v3 GUI,?,?,?,000000FF,000000FF,000000FF,?,00000000,00000000), ref: 00888A28
                                                                                                                                                                                                                                                                                                                                                                        • SetWindowLongW.USER32(00000000,000000EB,00000000), ref: 00888A3C
                                                                                                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(00000000,000000FF), ref: 00888A5A
                                                                                                                                                                                                                                                                                                                                                                        • GetStockObject.GDI32(00000011), ref: 00888A76
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000030,00000000), ref: 00888A81
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 0088912D: GetCursorPos.USER32(?), ref: 00889141
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 0088912D: ScreenToClient.USER32(00000000,?), ref: 0088915E
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 0088912D: GetAsyncKeyState.USER32(00000001), ref: 00889183
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 0088912D: GetAsyncKeyState.USER32(00000002), ref: 0088919D
                                                                                                                                                                                                                                                                                                                                                                        • SetTimer.USER32(00000000,00000000,00000028,008890FC), ref: 00888AA8
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: System$MetricsRectWindow$AsyncClientInfoParametersState$AdjustCreateCursorLongMessageObjectScreenSendStockTimer
                                                                                                                                                                                                                                                                                                                                                                        • String ID: AutoIt v3 GUI
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1458621304-248962490
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 4ce194bffa2af945f29a0d9a7523e96a17fa1b6091bc0caa31574c9c5f8d4282
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 7f8fad257259a88269d16fd6917e85a8f2bb579c297b2c090197105a2d7ec0b3
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4ce194bffa2af945f29a0d9a7523e96a17fa1b6091bc0caa31574c9c5f8d4282
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7DB16775A1420AEFDB14EFA8DC85FAA3BB5FB48314F104229FA15E7290DB34E840DB51
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008D10F9: GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 008D1114
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008D10F9: GetLastError.KERNEL32(?,00000000,00000000,?,?,008D0B9B,?,?,?), ref: 008D1120
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008D10F9: GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,008D0B9B,?,?,?), ref: 008D112F
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008D10F9: HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,008D0B9B,?,?,?), ref: 008D1136
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008D10F9: GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 008D114D
                                                                                                                                                                                                                                                                                                                                                                        • GetSecurityDescriptorDacl.ADVAPI32(?,?,?,?), ref: 008D0DF5
                                                                                                                                                                                                                                                                                                                                                                        • GetAclInformation.ADVAPI32(?,?,0000000C,00000002), ref: 008D0E29
                                                                                                                                                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 008D0E40
                                                                                                                                                                                                                                                                                                                                                                        • GetAce.ADVAPI32(?,00000000,?), ref: 008D0E7A
                                                                                                                                                                                                                                                                                                                                                                        • AddAce.ADVAPI32(?,00000002,000000FF,?,?), ref: 008D0E96
                                                                                                                                                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?), ref: 008D0EAD
                                                                                                                                                                                                                                                                                                                                                                        • GetProcessHeap.KERNEL32(00000008,00000008), ref: 008D0EB5
                                                                                                                                                                                                                                                                                                                                                                        • HeapAlloc.KERNEL32(00000000), ref: 008D0EBC
                                                                                                                                                                                                                                                                                                                                                                        • GetLengthSid.ADVAPI32(?,00000008,?), ref: 008D0EDD
• CopySid.ADVAPI32(00000000), ref: 008D0EE4
• AddAce.ADVAPI32(?,00000002,000000FF,00000000,?), ref: 008D0F13
• SetSecurityDescriptorDacl.ADVAPI32(?,00000001,?,00000000), ref: 008D0F35
• SetUserObjectSecurity.USER32(?,00000004,?), ref: 008D0F47
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 008D0F6E
• HeapFree.KERNEL32(00000000), ref: 008D0F75
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 008D0F7E
• HeapFree.KERNEL32(00000000), ref: 008D0F85
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 008D0F8E
• HeapFree.KERNEL32(00000000), ref: 008D0F95
• GetProcessHeap.KERNEL32(00000000,?), ref: 008D0FA1
• HeapFree.KERNEL32(00000000), ref: 008D0FA8
  • Part of subcall function 008D1193: GetProcessHeap.KERNEL32(00000008,008D0BB1,?,00000000,?,008D0BB1,?), ref: 008D11A1
  • Part of subcall function 008D1193: HeapAlloc.KERNEL32(00000000,?,00000000,?,008D0BB1,?), ref: 008D11A8
  • Part of subcall function 008D1193: InitializeSecurityDescriptor.ADVAPI32(00000000,00000001,?,00000000,?,008D0BB1,?), ref: 008D11B7
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Heap$Process$Security$Free$AllocDescriptorLengthObjectUser$Dacl$CopyErrorInformationInitializeLast
• String ID:
• API String ID: 4175595110-0
• Opcode ID: a1895e1a30a90a5a011c396e8325ee78300ba7c95ee12793ab7e1a1d6347b992
• Instruction ID: 151e03d17dc7517e895989ee18b5ad10913183cf4c2e32bab5ac2a5f1169d660
• Opcode Fuzzy Hash: a1895e1a30a90a5a011c396e8325ee78300ba7c95ee12793ab7e1a1d6347b992
• Instruction Fuzzy Hash: 4E714AB290420AAFDF209FA5DC48BEEBBB8FF04310F144216F959E6291DB719905DF60
APIs
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 008FC4BD
• RegCreateKeyExW.ADVAPI32(?,?,00000000,0090CC08,00000000,?,00000000,?,?), ref: 008FC544
• RegCloseKey.ADVAPI32(00000000,00000000,00000000), ref: 008FC5A4
• _wcslen.LIBCMT ref: 008FC5F4
• _wcslen.LIBCMT ref: 008FC66F
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000001,?,?), ref: 008FC6B2
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000007,?,?), ref: 008FC7C1
• RegSetValueExW.ADVAPI32(00000001,?,00000000,0000000B,?,00000008), ref: 008FC84D
• RegCloseKey.ADVAPI32(?), ref: 008FC881
• RegCloseKey.ADVAPI32(00000000), ref: 008FC88E
• RegSetValueExW.ADVAPI32(00000001,?,00000000,00000003,00000000,00000000), ref: 008FC960
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Value$Close$_wcslen$ConnectCreateRegistry
• String ID: REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_QWORD$REG_SZ
• API String ID: 9721498-966354055
• Opcode ID: e6e6b22e9f4159b1cac69c2ed3c7d4fe8f4d176a3d59321044a0a133ae9478a3
• Instruction ID: 273c3c05090b5a94c870b4d99416c357c9691ac358cca2851d8d091433cf52e5
• Opcode Fuzzy Hash: e6e6b22e9f4159b1cac69c2ed3c7d4fe8f4d176a3d59321044a0a133ae9478a3
• Instruction Fuzzy Hash: 4B1256756042059FDB14DF28C981A2AB7E5FF88714F14885CF99ADB3A2DB31ED41CB82
APIs
• CharUpperBuffW.USER32(?,?), ref: 009009C6
• _wcslen.LIBCMT ref: 00900A01
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00900A54
• _wcslen.LIBCMT ref: 00900A8A
• _wcslen.LIBCMT ref: 00900B06
• _wcslen.LIBCMT ref: 00900B81
  • Part of subcall function 0088F9F2: _wcslen.LIBCMT ref: 0088F9FD
  • Part of subcall function 008D2BE8: SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 008D2BFA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: _wcslen$MessageSend$BuffCharUpper
• String ID: CHECK$COLLAPSE$EXISTS$EXPAND$GETITEMCOUNT$GETSELECTED$GETTEXT$GETTOTALCOUNT$ISCHECKED$SELECT$UNCHECK
• API String ID: 1103490817-4258414348
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: a284d5de7ccb54fa6f04457bd70d6b5b6e9408ce10fe041b3a679096bd6e3562
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 987cb2afa442a6a7bbbf4873b5fd7e36a4531ffe856ee74bce2b51795744df92
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a284d5de7ccb54fa6f04457bd70d6b5b6e9408ce10fe041b3a679096bd6e3562
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 75E138712087019FCB14DF28C450A2AB7E5FFD9314F148959F89A9B3A2DB31ED45CB92
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$BuffCharUpper
                                                                                                                                                                                                                                                                                                                                                                        • String ID: HKCC$HKCR$HKCU$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HKLM$HKU
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1256254125-909552448
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 3c57791cff102df5a324cf988e88b46894dcc392e3157ffa8f5bef897160b787
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 3541037993a63915a3a670af827ac7d81d9098073e3da11e7ba609822b9c3b31
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 3c57791cff102df5a324cf988e88b46894dcc392e3157ffa8f5bef897160b787
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8171D07260012E8BCB20DE7CCE519BA3791FFA0764F250528FA56E7285EA31DF4587A1
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0090835A
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 0090836E
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00908391
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 009083B4
                                                                                                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(00000000,?,00000001,?,?,00002010), ref: 009083F2
                                                                                                                                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(?,00000000,00000032,00000000,?,?,?,?,?,00905BF2), ref: 0090844E
                                                                                                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00908487
                                                                                                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(00000000,?,00000001,?,?,00000000), ref: 009084CA
                                                                                                                                                                                                                                                                                                                                                                        • LoadImageW.USER32(?,?,00000001,?,?,00000000), ref: 00908501
                                                                                                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(?), ref: 0090850D
                                                                                                                                                                                                                                                                                                                                                                        • ExtractIconExW.SHELL32(?,00000000,00000000,00000000,00000001), ref: 0090851D
                                                                                                                                                                                                                                                                                                                                                                        • DestroyIcon.USER32(?,?,?,?,?,00905BF2), ref: 0090852C
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000170,00000000,00000000), ref: 00908549
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000064,00000172,00000001), ref: 00908555
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Load$Image_wcslen$IconLibraryMessageSend$DestroyExtractFree
                                                                                                                                                                                                                                                                                                                                                                        • String ID: .dll$.exe$.icl
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 799131459-1154884017
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 2485f32a355216124ee46851ee8ce329364a86d25c591c81b003782fbc5f8d04
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 3a541b519e0f96f20461c26bc3ad38b51608b0441b927ebd7f5d97c1e657f6fa
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2485f32a355216124ee46851ee8ce329364a86d25c591c81b003782fbc5f8d04
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4D61ADB1614219BEEB249F64CC81BBF7BACFB04B21F104649F855D61E1DB74A980DBA0
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID:
• String ID: "$#OnAutoItStartRegister$#ce$#comments-end$#comments-start$#cs$#include$#include-once$#notrayicon$#pragma compile$#requireadmin$'$Bad directive syntax error$Cannot parse #include$Unterminated group of comments
• API String ID: 0-1645009161
• Opcode ID: 90c31dca8ee2c73b788cfbd417f59b3a220b014e4c135d17e0b192408e062c56
• Instruction ID: 6f26da8caa28f74656ed853a65bc7b8fbc5f53a55c9fc305f7cba849166e089a
• Opcode Fuzzy Hash: 90c31dca8ee2c73b788cfbd417f59b3a220b014e4c135d17e0b192408e062c56
• Instruction Fuzzy Hash: 0B81F971604205BFDB25BF68CC92FAE3768FF55344F048024F909EA29AEB70DA51D792
APIs
• LoadIconW.USER32(00000063), ref: 008D5A2E
• SendMessageW.USER32(?,00000080,00000000,00000000), ref: 008D5A40
• SetWindowTextW.USER32(?,?), ref: 008D5A57
• GetDlgItem.USER32(?,000003EA), ref: 008D5A6C
• SetWindowTextW.USER32(00000000,?), ref: 008D5A72
• GetDlgItem.USER32(?,000003E9), ref: 008D5A82
• SetWindowTextW.USER32(00000000,?), ref: 008D5A88
• SendDlgItemMessageW.USER32(?,000003E9,000000CC,?,00000000), ref: 008D5AA9
• SendDlgItemMessageW.USER32(?,000003E9,000000C5,00000000,00000000), ref: 008D5AC3
• GetWindowRect.USER32(?,?), ref: 008D5ACC
• _wcslen.LIBCMT ref: 008D5B33
• SetWindowTextW.USER32(?,?), ref: 008D5B6F
• GetDesktopWindow.USER32 ref: 008D5B75
• GetWindowRect.USER32(00000000), ref: 008D5B7C
• MoveWindow.USER32(?,?,00000080,00000000,?,00000000), ref: 008D5BD3
• GetClientRect.USER32(?,?), ref: 008D5BE0
• PostMessageW.USER32(?,00000005,00000000,?), ref: 008D5C05
• SetTimer.USER32(?,0000040A,00000000,00000000), ref: 008D5C2F
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Window$ItemMessageText$RectSend$ClientDesktopIconLoadMovePostTimer_wcslen
• String ID:
• API String ID: 895679908-0
• Opcode ID: 3a259d916faaae942bc2eea08908321fffd138be7cfdec8a7a57448e66a53e07
• Instruction ID: af21d30057abdbeeed54ab89ccf5223eee542544d6d352a27e7b7cf7c1594eba
• Opcode Fuzzy Hash: 3a259d916faaae942bc2eea08908321fffd138be7cfdec8a7a57448e66a53e07
• Instruction Fuzzy Hash: D9717E71900B09AFDB20DFA8CE85A6EBBF5FF48714F104A1AE142E26A0D775E940DB50
APIs
• __scrt_initialize_thread_safe_statics_platform_specific.LIBCMT ref: 008900C6
  • Part of subcall function 008900ED: InitializeCriticalSectionAndSpinCount.KERNEL32(0094070C,00000FA0,5E002DA0,?,?,?,?,008B23B3,000000FF), ref: 0089011C
  • Part of subcall function 008900ED: GetModuleHandleW.KERNEL32(api-ms-win-core-synch-l1-2-0.dll,?,?,?,?,008B23B3,000000FF), ref: 00890127
  • Part of subcall function 008900ED: GetModuleHandleW.KERNEL32(kernel32.dll,?,?,?,?,008B23B3,000000FF), ref: 00890138
  • Part of subcall function 008900ED: GetProcAddress.KERNEL32(00000000,InitializeConditionVariable), ref: 0089014E
  • Part of subcall function 008900ED: GetProcAddress.KERNEL32(00000000,SleepConditionVariableCS), ref: 0089015C
  • Part of subcall function 008900ED: GetProcAddress.KERNEL32(00000000,WakeAllConditionVariable), ref: 0089016A
  • Part of subcall function 008900ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 00890195
  • Part of subcall function 008900ED: __crt_fast_encode_pointer.LIBVCRUNTIME ref: 008901A0
• ___scrt_fastfail.LIBCMT ref: 008900E7
  • Part of subcall function 008900A3: __onexit.LIBCMT ref: 008900A9
Strings
• kernel32.dll, xrefs: 00890133
• WakeAllConditionVariable, xrefs: 00890162
• api-ms-win-core-synch-l1-2-0.dll, xrefs: 00890122
• InitializeConditionVariable, xrefs: 00890148
• SleepConditionVariableCS, xrefs: 00890154
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: AddressProc$HandleModule__crt_fast_encode_pointer$CountCriticalInitializeSectionSpin___scrt_fastfail__onexit__scrt_initialize_thread_safe_statics_platform_specific
• String ID: InitializeConditionVariable$SleepConditionVariableCS$WakeAllConditionVariable$api-ms-win-core-synch-l1-2-0.dll$kernel32.dll
• API String ID: 66158676-1714406822
• Opcode ID: e4c83bc3f7d09a78ff8c0be29c37afb57887b41ecc245cee9952effa1859f2a2
• Instruction ID: 84466dd44e6f615d62cc28bb9e5cca271525be9cb11a153009fdc564f238ac03
• Opcode Fuzzy Hash: e4c83bc3f7d09a78ff8c0be29c37afb57887b41ecc245cee9952effa1859f2a2
• Instruction Fuzzy Hash: 15210B7265D710AFDB207BA4AC09F6A37D4FB85B55F04023AF901E76D1DB749C009E91
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: CLASS$CLASSNN$INSTANCE$NAME$REGEXPCLASS$TEXT
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 176396367-1603158881
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f2998ec80bf3ec417e3da645d15f7290c535f6475325b976b9c884a1fb0b34f9
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 6f6b883c605cc231bf5f1db66734551ea28ba24af45dbfe6e8fee32329e4c371
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f2998ec80bf3ec417e3da645d15f7290c535f6475325b976b9c884a1fb0b34f9
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 91E1E732A00616ABCF189F68C451AEDFBB1FF54714F14832AE456F7340DB30AE458B92
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • CharLowerBuffW.USER32(00000000,00000000,0090CC08), ref: 008E4527
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 008E453B
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 008E4599
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 008E45F4
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 008E463F
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 008E46A7
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 0088F9F2: _wcslen.LIBCMT ref: 0088F9FD
                                                                                                                                                                                                                                                                                                                                                                        • GetDriveTypeW.KERNEL32(?,00936BF0,00000061), ref: 008E4743
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$BuffCharDriveLowerType
                                                                                                                                                                                                                                                                                                                                                                        • String ID: all$cdrom$fixed$network$ramdisk$removable$unknown
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2055661098-1000479233
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: dcfdc99a0f7529d579469a060d685a86fdcbdd69ddf33c1fcd35050b659d1ec3
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 4ef330531ea0f8f72ccf1b4035642707e7385dd017871a1c06f5a8814eb90071
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dcfdc99a0f7529d579469a060d685a86fdcbdd69ddf33c1fcd35050b659d1ec3
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8DB1F3716083429FC710DF2AC890A6EB7E5FFA6724F50992DF49AC72A1D730D845CB92
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetMenuItemCount.USER32(00941990), ref: 008B2F8D
                                                                                                                                                                                                                                                                                                                                                                        • GetMenuItemCount.USER32(00941990), ref: 008B303D
                                                                                                                                                                                                                                                                                                                                                                        • GetCursorPos.USER32(?), ref: 008B3081
                                                                                                                                                                                                                                                                                                                                                                        • SetForegroundWindow.USER32(00000000), ref: 008B308A
                                                                                                                                                                                                                                                                                                                                                                        • TrackPopupMenuEx.USER32(00941990,00000000,?,00000000,00000000,00000000), ref: 008B309D
                                                                                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(00000000,00000000,00000000,00000000), ref: 008B30A9
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Menu$CountItem$CursorForegroundMessagePopupPostTrackWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 36266755-4108050209
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 838d31bbcbc31d49ccc77d3b4dfda258e6478288de6b8aa7f521392387a58143
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: dbc1a6d593331c07449b51c3f08000056ee058533554282f446c503585c6ba6e
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 838d31bbcbc31d49ccc77d3b4dfda258e6478288de6b8aa7f521392387a58143
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 1971F770644205BEEB359F29CC49FEABF64FF05364F204216F528E62E1C7B1A910E751
APIs
• DestroyWindow.USER32(00000000,?), ref: 00906DEB
  • Part of subcall function 00876B57: _wcslen.LIBCMT ref: 00876B6A
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00000000,?), ref: 00906E5F
• SendMessageW.USER32(00000000,00000433,00000000,00000030), ref: 00906E81
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00906E94
• DestroyWindow.USER32(?), ref: 00906EB5
• CreateWindowExW.USER32(00000008,tooltips_class32,00000000,?,80000000,80000000,80000000,80000000,?,00000000,00870000,00000000), ref: 00906EE4
• SendMessageW.USER32(00000000,00000432,00000000,00000030), ref: 00906EFD
• GetDesktopWindow.USER32 ref: 00906F16
• GetWindowRect.USER32(00000000), ref: 00906F1D
• SendMessageW.USER32(00000000,00000418,00000000,?), ref: 00906F35
• SendMessageW.USER32(00000000,00000421,?,00000000), ref: 00906F4D
  • Part of subcall function 00889944: GetWindowLongW.USER32(?,000000EB), ref: 00889952
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Window$MessageSend$CreateDestroy$DesktopLongRect_wcslen
• String ID: 0$tooltips_class32
• API String ID: 2429346358-3619404913
• Opcode ID: 039d583aeb0261872f021a749fc8bec84a76dd2e417df58bf1937a394c6f90c4
• Instruction ID: b60aead9fd6cbc00c24cf0408c2bf3cd78e5a5a80c24cd680b7591c45d902b7c
• Opcode Fuzzy Hash: 039d583aeb0261872f021a749fc8bec84a76dd2e417df58bf1937a394c6f90c4
• Instruction Fuzzy Hash: 267169B4108345AFDB21CF18DC44EAABBE9FB89304F04491DFA99C72A1C771E956DB12
APIs
  • Part of subcall function 00889BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00889BB2
• DragQueryPoint.SHELL32(?,?), ref: 00909147
  • Part of subcall function 00907674: ClientToScreen.USER32(?,?), ref: 0090769A
  • Part of subcall function 00907674: GetWindowRect.USER32(?,?), ref: 00907710
  • Part of subcall function 00907674: PtInRect.USER32(?,?,00908B89), ref: 00907720
• SendMessageW.USER32(?,000000B0,?,?), ref: 009091B0
• DragQueryFileW.SHELL32(?,000000FF,00000000,00000000), ref: 009091BB
• DragQueryFileW.SHELL32(?,00000000,?,00000104), ref: 009091DE
• SendMessageW.USER32(?,000000C2,00000001,?), ref: 00909225
• SendMessageW.USER32(?,000000B0,?,?), ref: 0090923E
• SendMessageW.USER32(?,000000B1,?,?), ref: 00909255
• SendMessageW.USER32(?,000000B1,?,?), ref: 00909277
• DragFinish.SHELL32(?), ref: 0090927E
• DefDlgProcW.USER32(?,00000233,?,00000000,?,?,?), ref: 00909371
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: MessageSend$Drag$Query$FileRectWindow$ClientFinishLongPointProcScreen
• String ID: @GUI_DRAGFILE$@GUI_DRAGID$@GUI_DROPID
• API String ID: 221274066-3440237614
• Opcode ID: 572d906ba52f0a9104e0e64bf1e123438c3c7ee2e4d52034ade4e936a26ee6e9
• Instruction ID: a51ec12a84ad15266634f4880a5168274414c2bb34cd2777f70bc94a76e9cc82
• Opcode Fuzzy Hash: 572d906ba52f0a9104e0e64bf1e123438c3c7ee2e4d52034ade4e936a26ee6e9
• Instruction Fuzzy Hash: 88615671108301AFC715EF64DC85DAFBBE8FBC9750F004A2EF5A5921A1DB309A49CB52
APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 008EC4B0
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 008EC4C3
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 008EC4D7
• HttpOpenRequestW.WININET(00000000,00000000,?,00000000,00000000,00000000,?,00000000), ref: 008EC4F0
• InternetQueryOptionW.WININET(00000000,0000001F,?,?), ref: 008EC533
• InternetSetOptionW.WININET(00000000,0000001F,00000100,00000004), ref: 008EC549
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 008EC554
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 008EC584
• GetLastError.KERNEL32(?,00000003,?,?,?,?,?,?), ref: 008EC5DC
• SetEvent.KERNEL32(?,?,00000003,?,?,?,?,?,?), ref: 008EC5F0
• InternetCloseHandle.WININET(00000000), ref: 008EC5FB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Internet$Http$ErrorEventLastOptionQueryRequest$CloseConnectHandleInfoOpenSend
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3800310941-3916222277
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: d3428389f579f3ff4f2462bc4ecbb01a877f11341450b3317be0dab36f813bde
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 185c9d2a7c5c34e4675baeff887267909428d1a593ae0a9b5097aef96bee6e16
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d3428389f579f3ff4f2462bc4ecbb01a877f11341450b3317be0dab36f813bde
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3A518CB0904349BFDB219F66C988AAB7BFCFF0A344F00451AF946D6250DB30E945EB60
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • CreateFileW.KERNEL32(?,80000000,00000000,00000000,00000003,00000000,00000000,00000000,?,?,?,?,?,00000000,?,000000EC), ref: 00908592
                                                                                                                                                                                                                                                                                                                                                                        • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009085A2
                                                                                                                                                                                                                                                                                                                                                                        • GlobalAlloc.KERNEL32(00000002,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009085AD
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009085BA
                                                                                                                                                                                                                                                                                                                                                                        • GlobalLock.KERNEL32(00000000), ref: 009085C8
                                                                                                                                                                                                                                                                                                                                                                        • ReadFile.KERNEL32(00000000,00000000,00000000,?,00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009085D7
                                                                                                                                                                                                                                                                                                                                                                        • GlobalUnlock.KERNEL32(00000000), ref: 009085E0
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009085E7
                                                                                                                                                                                                                                                                                                                                                                        • CreateStreamOnHGlobal.OLE32(00000000,00000001,000000F0,?,?,?,?,00000000,?,000000EC,?,000000F0), ref: 009085F8
                                                                                                                                                                                                                                                                                                                                                                        • OleLoadPicture.OLEAUT32(000000F0,00000000,00000000,0090FC38,?), ref: 00908611
                                                                                                                                                                                                                                                                                                                                                                        • GlobalFree.KERNEL32(00000000), ref: 00908621
                                                                                                                                                                                                                                                                                                                                                                        • GetObjectW.GDI32(?,00000018,?), ref: 00908641
                                                                                                                                                                                                                                                                                                                                                                        • CopyImage.USER32(?,00000000,00000000,?,00002000), ref: 00908671
                                                                                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(?), ref: 00908699
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000172,00000000,00000000), ref: 009086AF
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Global$File$CloseCreateHandleObject$AllocCopyDeleteFreeImageLoadLockMessagePictureReadSendSizeStreamUnlock
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3840717409-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 7608e67a0353bde0c70d8df6654b44a9128662c198046cf90a494740ead80d2c
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: fa843e2b77badd23fb73352123aeb272d4b291272f99430d45f4464ffa9f909a
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7608e67a0353bde0c70d8df6654b44a9128662c198046cf90a494740ead80d2c
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CD4149B1610204EFDB119FA9CC88EAB7BBCFF89B11F108158F955E72A0DB319901DB20
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(00000000), ref: 008E1502
                                                                                                                                                                                                                                                                                                                                                                        • VariantCopy.OLEAUT32(?,?), ref: 008E150B
                                                                                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 008E1517
                                                                                                                                                                                                                                                                                                                                                                        • VariantTimeToSystemTime.OLEAUT32(?,?,?), ref: 008E15FB
                                                                                                                                                                                                                                                                                                                                                                        • VarR8FromDec.OLEAUT32(?,?), ref: 008E1657
                                                                                                                                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 008E1708
                                                                                                                                                                                                                                                                                                                                                                        • SysFreeString.OLEAUT32(?), ref: 008E178C
                                                                                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 008E17D8
                                                                                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 008E17E7
                                                                                                                                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(00000000), ref: 008E1823
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
• API ID: Variant$ClearInit$Time$CopyFreeFromStringSystem
• String ID: %4d%02d%02d%02d%02d%02d$Default
• API String ID: 1234038744-3931177956
• Opcode ID: ce1b2268851be7c2a630c29f5c3f75e22953913a2d184baa0a19a82c21e3498f
• Instruction ID: f7fdad4860e7ef7a2b1b646b1b900d7f4f484d5734276fae3a7b30cff3dd54d6
• Opcode Fuzzy Hash: ce1b2268851be7c2a630c29f5c3f75e22953913a2d184baa0a19a82c21e3498f
• Instruction Fuzzy Hash: 2BD1F171A00149EBDF00AF6AD889BBDB7B5FF46704F10815AE946EB195DB30DC40DB52
APIs
  • Part of subcall function 00879CB3: _wcslen.LIBCMT ref: 00879CBD
  • Part of subcall function 008FC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,008FB6AE,?,?), ref: 008FC9B5
  • Part of subcall function 008FC998: _wcslen.LIBCMT ref: 008FC9F1
  • Part of subcall function 008FC998: _wcslen.LIBCMT ref: 008FCA68
  • Part of subcall function 008FC998: _wcslen.LIBCMT ref: 008FCA9E
• RegConnectRegistryW.ADVAPI32(?,?,?), ref: 008FB6F4
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 008FB772
• RegDeleteValueW.ADVAPI32(?,?), ref: 008FB80A
• RegCloseKey.ADVAPI32(?), ref: 008FB87E
• RegCloseKey.ADVAPI32(?), ref: 008FB89C
• LoadLibraryA.KERNEL32(advapi32.dll), ref: 008FB8F2
• GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 008FB904
• RegDeleteKeyW.ADVAPI32(?,?), ref: 008FB922
• FreeLibrary.KERNEL32(00000000), ref: 008FB983
• RegCloseKey.ADVAPI32(00000000), ref: 008FB994
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: _wcslen$Close$DeleteLibrary$AddressBuffCharConnectFreeLoadOpenProcRegistryUpperValue
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 146587525-4033151799
• Opcode ID: fa888fc9f2ff0a8923f45335e2b99a51a25f50c19417c141f90258ca26b5630a
• Instruction ID: a43c992291bbe9a5e9c646090ab454f7ae597c5e6f4c781e86aa87c257811d0d
• Opcode Fuzzy Hash: fa888fc9f2ff0a8923f45335e2b99a51a25f50c19417c141f90258ca26b5630a
• Instruction Fuzzy Hash: BEC19C30208205AFD714DF28C495F2ABBE5FF85318F14855CF69A8B2A2CB71ED45CB92
APIs
• GetDC.USER32(00000000), ref: 008F25D8
• CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 008F25E8
• CreateCompatibleDC.GDI32(?), ref: 008F25F4
• SelectObject.GDI32(00000000,?), ref: 008F2601
• StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000006,?,?,?,00CC0020), ref: 008F266D
• GetDIBits.GDI32(?,?,00000000,00000000,00000000,00000028,00000000), ref: 008F26AC
• GetDIBits.GDI32(?,?,00000000,?,00000000,00000028,00000000), ref: 008F26D0
• SelectObject.GDI32(?,?), ref: 008F26D8
• DeleteObject.GDI32(?), ref: 008F26E1
• DeleteDC.GDI32(?), ref: 008F26E8
• ReleaseDC.USER32(00000000,?), ref: 008F26F3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Object$BitsCompatibleCreateDeleteSelect$BitmapReleaseStretch
• String ID: (
• API String ID: 2598888154-3887548279
• Opcode ID: 800681886fb2f25dde6a73f7d345cd8ca3adcaf732a394efa384482a890b822a
• Instruction ID: 6446f719fd504e21d7e6f82496fcec41ecd77c53fff5e6cd2973663cff446388
• Opcode Fuzzy Hash: 800681886fb2f25dde6a73f7d345cd8ca3adcaf732a394efa384482a890b822a
• Instruction Fuzzy Hash: 6A61F2B5D04219EFCF04CFA8D884AAEBBB5FF48310F208529EA55E7250D774A951DFA0
APIs
• ___free_lconv_mon.LIBCMT ref: 008ADAA1
  • Part of subcall function 008AD63C: _free.LIBCMT ref: 008AD659
  • Part of subcall function 008AD63C: _free.LIBCMT ref: 008AD66B
  • Part of subcall function 008AD63C: _free.LIBCMT ref: 008AD67D
  • Part of subcall function 008AD63C: _free.LIBCMT ref: 008AD68F
  • Part of subcall function 008AD63C: _free.LIBCMT ref: 008AD6A1
  • Part of subcall function 008AD63C: _free.LIBCMT ref: 008AD6B3
  • Part of subcall function 008AD63C: _free.LIBCMT ref: 008AD6C5
  • Part of subcall function 008AD63C: _free.LIBCMT ref: 008AD6D7
  • Part of subcall function 008AD63C: _free.LIBCMT ref: 008AD6E9
  • Part of subcall function 008AD63C: _free.LIBCMT ref: 008AD6FB
  • Part of subcall function 008AD63C: _free.LIBCMT ref: 008AD70D
  • Part of subcall function 008AD63C: _free.LIBCMT ref: 008AD71F
  • Part of subcall function 008AD63C: _free.LIBCMT ref: 008AD731
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 008ADA96
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008AD7D1,00000000,00000000,00000000,00000000,?,008AD7F8,00000000,00000007,00000000,?,008ADBF5,00000000), ref: 008A29DE
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008A29C8: GetLastError.KERNEL32(00000000,?,008AD7D1,00000000,00000000,00000000,00000000,?,008AD7F8,00000000,00000007,00000000,?,008ADBF5,00000000,00000000), ref: 008A29F0
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 008ADAB8
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 008ADACD
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 008ADAD8
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 008ADAFA
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 008ADB0D
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 008ADB1B
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 008ADB26
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 008ADB5E
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 008ADB65
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 008ADB82
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 008ADB9A
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast___free_lconv_mon
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 161543041-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: c66779002743edda088f4ee6c70ca7b1605299b5c5abde62bc55d7907a66f930
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 60d63b7e9569ed2a10bb0115fe4a299bb5f5be75133ba7d1d5dfc175defe9305
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c66779002743edda088f4ee6c70ca7b1605299b5c5abde62bc55d7907a66f930
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3A3159326047049FFB71AA3CE845B5B7BE8FF02720F154419E54AD7D91DA30AC418B22
APIs
• GetClassNameW.USER32(?,?,00000100), ref: 008D369C
• _wcslen.LIBCMT ref: 008D36A7
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 008D3797
• GetClassNameW.USER32(?,?,00000400), ref: 008D380C
• GetDlgCtrlID.USER32(?), ref: 008D385D
• GetWindowRect.USER32(?,?), ref: 008D3882
• GetParent.USER32(?), ref: 008D38A0
• ScreenToClient.USER32(00000000), ref: 008D38A7
• GetClassNameW.USER32(?,?,00000100), ref: 008D3921
• GetWindowTextW.USER32(?,?,00000400), ref: 008D395D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: ClassName$Window$ClientCtrlMessageParentRectScreenSendTextTimeout_wcslen
• String ID: %s%u
• API String ID: 4010501982-679674701
• Opcode ID: b6f80738483036d3a08b74cfb0cd45fbe64c160442dcf19f735f94dcba0bd59a
• Instruction ID: 581956f62ebd944450536b2e45a2ba8b0a3a6dc84283f6090e0db4fb27c0fb8b
• Opcode Fuzzy Hash: b6f80738483036d3a08b74cfb0cd45fbe64c160442dcf19f735f94dcba0bd59a
• Instruction Fuzzy Hash: 2291C471204606BFD719DF64C895FAAF7A8FF44354F00872AF999D2290DB30EA45CB92
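The function records above follow one fixed shape: an "APIs" header, then one bullet per call site of the form `Name.MODULE(args), ref: ADDRESS`, with calls that the sandbox attributes to a callee prefixed by `Part of subcall function ADDRESS:`. When triaging a report with hundreds of such records it helps to turn them into structured data rather than read them by eye, for instance to find every function that touches window inspection APIs. The following Python is an added example for that, not part of the Joe Sandbox report or its tooling; it assumes only the record layout visible on this page, the sample input is a constructed subset of the bullets above, and the `WINDOW_INSPECTION` grouping is this example's own choice rather than a sandbox category. It does not attempt to reproduce Joe Sandbox's own "API ID" or fuzzy hash values.

```python
import re
from collections import Counter

# Constructed sample input: a subset of the "APIs" bullets from the function
# records above, cut down to three records (not the complete listing).
SAMPLE = """\
APIs
• Part of subcall function 008AD63C: _free.LIBCMT ref: 008AD731
• _free.LIBCMT ref: 008ADA96
• Part of subcall function 008A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008AD7D1), ref: 008A29DE
• Part of subcall function 008A29C8: GetLastError.KERNEL32(00000000,?,008AD7D1), ref: 008A29F0
• _free.LIBCMT ref: 008ADAB8
APIs
• GetClassNameW.USER32(?,?,00000100), ref: 008D369C
• _wcslen.LIBCMT ref: 008D36A7
• SendMessageTimeoutW.USER32(?,?,00000101,00000000,00000002,00001388,?), ref: 008D3797
• GetDlgCtrlID.USER32(?), ref: 008D385D
• GetWindowRect.USER32(?,?), ref: 008D3882
• GetParent.USER32(?), ref: 008D38A0
• GetWindowTextW.USER32(?,?,00000400), ref: 008D395D
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 008D4994
• GetWindowTextW.USER32(?,?,00000400), ref: 008D49DA
• CharUpperBuffW.USER32(?,00000000), ref: 008D49F7
• _wcsstr.LIBVCRUNTIME ref: 008D4A2C
• GetWindowRect.USER32(?,?), ref: 008D4B8B
"""

# One API bullet: optional subcall attribution, Name.MODULE, optional (args),
# then the call-site address after "ref:".
API_LINE = re.compile(
    r"^•\s*"
    r"(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r",?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)

def parse_records(text):
    """Split the listing at each 'APIs' header and parse the bullets under it.

    Returns a list of records; each record is a list of dicts holding the API
    name, module, argument list, call-site address (ref) and, for calls the
    report attributes to a subcall, that subcall's address (else None).
    """
    records = []
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = []
            records.append(current)
            continue
        if current is None:
            continue  # anything before the first record is ignored
        m = API_LINE.match(line)
        if not m:
            continue  # unrecognised bullets are skipped, never guessed at
        args = m.group("args")
        current.append({
            "name": m.group("name"),
            "module": m.group("module").upper(),
            "args": args.split(",") if args else [],
            "ref": int(m.group("ref"), 16),
            "subcall": int(m.group("sub"), 16) if m.group("sub") else None,
        })
    return records

# Window-inspection APIs whose co-occurrence in a single function is worth a
# closer look in a sample that, per the report, reads window text and the
# clipboard. This grouping is the example's own assumption.
WINDOW_INSPECTION = {
    "GetClassNameW", "GetWindowTextW", "GetWindowRect", "GetParent",
    "GetDlgCtrlID", "SendMessageTimeoutW", "CharUpperBuffW", "EnumWindows",
}

def direct_api_names(record):
    """API names the function calls itself (subcall attributions excluded)."""
    return {c["name"] for c in record if c["subcall"] is None}

def flag_window_inspection(records, threshold=3):
    """Indexes of records whose direct calls hit >= threshold inspection APIs."""
    return [i for i, rec in enumerate(records)
            if len(direct_api_names(rec) & WINDOW_INSPECTION) >= threshold]

def subcall_summary(record):
    """Map each subcall address to the set of API names attributed to it."""
    out = {}
    for c in record:
        if c["subcall"] is not None:
            out.setdefault(c["subcall"], set()).add(c["name"])
    return out

def module_counts(records):
    """Number of call sites per module across all records."""
    return Counter(c["module"] for rec in records for c in rec)

if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    print(len(recs), "records parsed")
    print("window-inspection functions:", flag_window_inspection(recs))
    for i, rec in enumerate(recs):
        subs = {hex(k): sorted(v) for k, v in subcall_summary(rec).items()}
        print(i, sorted(direct_api_names(rec)), subs)
    print(module_counts(recs))
```

Run on the three constructed records, the first (the `_free` cleanup routine) is not flagged, while the two USER32-heavy records are, which is the kind of shortlist you would then open in the disassembly. Keeping subcall attributions separate matters: the sandbox folds callee APIs into the caller's record, so counting them as direct calls would flag every function that merely calls a window helper.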
APIs
• GetClassNameW.USER32(?,?,00000400), ref: 008D4994
• GetWindowTextW.USER32(?,?,00000400), ref: 008D49DA
• _wcslen.LIBCMT ref: 008D49EB
• CharUpperBuffW.USER32(?,00000000), ref: 008D49F7
• _wcsstr.LIBVCRUNTIME ref: 008D4A2C
• GetClassNameW.USER32(00000018,?,00000400), ref: 008D4A64
• GetWindowTextW.USER32(?,?,00000400), ref: 008D4A9D
• GetClassNameW.USER32(00000018,?,00000400), ref: 008D4AE6
• GetClassNameW.USER32(?,?,00000400), ref: 008D4B20
• GetWindowRect.USER32(?,?), ref: 008D4B8B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ClassName$Window$Text$BuffCharRectUpper_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                                        • String ID: ThumbnailClass
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1311036022-1241985126
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f2719ab78c458d8cf347ab44f92e72fed02fe8a33e385ba45b010af82f490aaf
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: d9c80e66d64a928a39b194ce3563141f7593f961e22c4b35ff7b96d2f4edaa7a
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f2719ab78c458d8cf347ab44f92e72fed02fe8a33e385ba45b010af82f490aaf
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6591DC710082069FDB04DF54C885FAA77A8FF94314F04966BFD85DA296DB30ED45CBA2
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00889BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00889BB2
                                                                                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 00908D5A
                                                                                                                                                                                                                                                                                                                                                                        • GetFocus.USER32 ref: 00908D6A
                                                                                                                                                                                                                                                                                                                                                                        • GetDlgCtrlID.USER32(00000000), ref: 00908D75
                                                                                                                                                                                                                                                                                                                                                                        • DefDlgProcW.USER32(?,00000111,?,?,00000000,?,?,?,?,?,?,?), ref: 00908E1D
                                                                                                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,00000000,00000000,?), ref: 00908ECF
                                                                                                                                                                                                                                                                                                                                                                        • GetMenuItemCount.USER32(?), ref: 00908EEC
                                                                                                                                                                                                                                                                                                                                                                        • GetMenuItemID.USER32(?,00000000), ref: 00908EFC
                                                                                                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,-00000001,00000001,?), ref: 00908F2E
                                                                                                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,?,00000001,?), ref: 00908F70
                                                                                                                                                                                                                                                                                                                                                                        • CheckMenuRadioItem.USER32(?,00000000,?,00000000,00000400), ref: 00908FA1
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ItemMenu$Info$CheckCountCtrlFocusLongMessagePostProcRadioWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID: 0
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1026556194-4108050209
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 343c5284b888e1bc7f24529ce36d025f7b61c5777fe2a16f4bd567bb2d91eeed
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: c18fbcf1cfd81d3d6cbdc23ff4ba72ca8601f7e2baa7f4a2b1901d7dc3fba43e
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 343c5284b888e1bc7f24529ce36d025f7b61c5777fe2a16f4bd567bb2d91eeed
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DD819F71608301AFDB20DF24D884A6B7BE9FF88754F140A19FA85D72D1DB70D940DBA2
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetFileVersionInfoSizeW.VERSION(?,?), ref: 008DDC20
                                                                                                                                                                                                                                                                                                                                                                        • GetFileVersionInfoW.VERSION(?,00000000,00000000,00000000,?,?), ref: 008DDC46
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 008DDC50
                                                                                                                                                                                                                                                                                                                                                                        • _wcsstr.LIBVCRUNTIME ref: 008DDCA0
                                                                                                                                                                                                                                                                                                                                                                        • VerQueryValueW.VERSION(?,\VarFileInfo\Translation,?,?,?,?,?,?,00000000,?,?), ref: 008DDCBC
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: FileInfoVersion$QuerySizeValue_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                                        • String ID: %u.%u.%u.%u$04090000$DefaultLangCodepage$StringFileInfo\$\VarFileInfo\Translation
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1939486746-1459072770
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: addb86faedbbd80ec6dd198ab56b650b50a5f96cf1d964cef19d347206a5723c
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: df9014c0289ebd93500176bd14f9d901e44166613e9716b8d90e131b742c15e5
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: addb86faedbbd80ec6dd198ab56b650b50a5f96cf1d964cef19d347206a5723c
• Instruction Fuzzy Hash: B04104729403047BEF10B7689C03EBF77ACFF45750F14416AF904E6282EA74990197A6
APIs
• RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 008FCC64
• RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?,?,?,00000000), ref: 008FCC8D
• FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 008FCD48
  • Part of subcall function 008FCC34: RegCloseKey.ADVAPI32(?,?,?,00000000), ref: 008FCCAA
  • Part of subcall function 008FCC34: LoadLibraryA.KERNEL32(advapi32.dll,?,?,00000000), ref: 008FCCBD
  • Part of subcall function 008FCC34: GetProcAddress.KERNEL32(00000000,RegDeleteKeyExW), ref: 008FCCCF
  • Part of subcall function 008FCC34: FreeLibrary.KERNEL32(00000000,?,?,00000000), ref: 008FCD05
  • Part of subcall function 008FCC34: RegEnumKeyExW.ADVAPI32(?,00000000,?,000000FF,00000000,00000000,00000000,?,?,?,00000000), ref: 008FCD28
• RegDeleteKeyW.ADVAPI32(?,?), ref: 008FCCF3
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Library$EnumFree$AddressCloseDeleteLoadOpenProc
• String ID: RegDeleteKeyExW$advapi32.dll
• API String ID: 2734957052-4033151799
• Opcode ID: d7cad6d908753d111a869d4028451a0b8f2f57586ad33610c350693d1ed65140
• Instruction ID: 55455638a3c663dce57adc92e91fbf1bc54dd0417f38cebb974fa7a5bd79861b
• Opcode Fuzzy Hash: d7cad6d908753d111a869d4028451a0b8f2f57586ad33610c350693d1ed65140
• Instruction Fuzzy Hash: E03161B190512DBFDB209B64DD88EFFBB7CEF46754F000165BA05E2140D7349B45EAA0
APIs
• GetFullPathNameW.KERNEL32(?,00007FFF,?,?), ref: 008E3D40
• _wcslen.LIBCMT ref: 008E3D6D
• CreateDirectoryW.KERNEL32(?,00000000), ref: 008E3D9D
• CreateFileW.KERNEL32(?,40000000,00000000,00000000,00000003,02200000,00000000), ref: 008E3DBE
• RemoveDirectoryW.KERNEL32(?), ref: 008E3DCE
• DeviceIoControl.KERNEL32(00000000,000900A4,?,?,00000000,00000000,?,00000000), ref: 008E3E55
• CloseHandle.KERNEL32(00000000), ref: 008E3E60
• CloseHandle.KERNEL32(00000000), ref: 008E3E6B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: CloseCreateDirectoryHandle$ControlDeviceFileFullNamePathRemove_wcslen
• String ID: :$\$\??\%s
• API String ID: 1149970189-3457252023
• Opcode ID: 2e316f3aa28f224f2d45cb56b25d55cbdb1cee826183f2e6135d11e3104c5729
• Instruction ID: f679865a113ccc163bacd07ebefeeaf35af452523cf56af9d2643be3d9b15449
• Opcode Fuzzy Hash: 2e316f3aa28f224f2d45cb56b25d55cbdb1cee826183f2e6135d11e3104c5729
• Instruction Fuzzy Hash: 3A31CFB2A14249ABDB219BA5DC48FEB37BCFF89700F5041A5F609D6160EB709B448B24
APIs
• timeGetTime.WINMM ref: 008DE6B4
  • Part of subcall function 0088E551: timeGetTime.WINMM(?,?,008DE6D4), ref: 0088E555
• Sleep.KERNEL32(0000000A), ref: 008DE6E1
• EnumThreadWindows.USER32(?,Function_0006E665,00000000), ref: 008DE705
• FindWindowExW.USER32(00000000,00000000,BUTTON,00000000), ref: 008DE727
• SetActiveWindow.USER32 ref: 008DE746
• SendMessageW.USER32(00000000,000000F5,00000000,00000000), ref: 008DE754
• SendMessageW.USER32(00000010,00000000,00000000), ref: 008DE773
• Sleep.KERNEL32(000000FA), ref: 008DE77E
• IsWindow.USER32 ref: 008DE78A
• EndDialog.USER32(00000000), ref: 008DE79B
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Window$MessageSendSleepTimetime$ActiveDialogEnumFindThreadWindows
• String ID: BUTTON
• API String ID: 1194449130-3405671355
• Opcode ID: 8f6c177f0185335a369b4b4f4a0c3dda405a6d2a70404176acfaa50c141d05c6
• Instruction ID: e92a92f71e538ea0ed6c3407ad30b6d8dfad842e3714643b7ce85f4564b0afb2
• Opcode Fuzzy Hash: 8f6c177f0185335a369b4b4f4a0c3dda405a6d2a70404176acfaa50c141d05c6
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D32193B822C205AFEB106F65EC89E3A3B69F756349F500627F415C52A1DB72AC40EB25
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00879CB3: _wcslen.LIBCMT ref: 00879CBD
                                                                                                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 008DEA5D
                                                                                                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 008DEA73
                                                                                                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 008DEA84
                                                                                                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 008DEA96
                                                                                                                                                                                                                                                                                                                                                                        • mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 008DEAA7
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: SendString$_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: alias PlayMe$close PlayMe$open $play PlayMe$play PlayMe wait$status PlayMe mode
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2420728520-1007645807
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: dac226fcbe7ea1f52cadafa466abc573dc3840ac71fefe42508d31f10a30e5c2
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 5cb1dc2f2d530ac6dad9a530f92de6255e228d0a106f2fe0141ec94b7b4da4dc
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: dac226fcbe7ea1f52cadafa466abc573dc3840ac71fefe42508d31f10a30e5c2
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 24119131A9022979D720B7A6DC4AEFF6B7CFBD1B48F00452AB415E60D4EA704905C9B1
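The function block above is a plain MCI command sequence (status, close, open, play) issued through mciSendStringW with the alias PlayMe; the one call whose first argument is shown as "?" is the command the analyzer could not resolve statically, and the String ID row shows the fragments ("open ", "alias PlayMe") from which it is assembled at run time. When triaging many such blocks it is easier to work with the API listing as data than to read it. The parser below is an added example, not part of the Joe Sandbox report or of its tooling; it handles the two line shapes used in these listings (a direct call with parenthesized arguments and a ", ref:" address, and a "Part of subcall function" line without parentheses) and the sample input is constructed by copying the six API lines of this block.

```python
"""Parser for the per-function "APIs" listing of a Joe Sandbox report.

Added example, not the report's or Joe Sandbox's own code. It turns lines such as

    • mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 008DEA5D
      • Part of subcall function 00879CB3: _wcslen.LIBCMT ref: 00879CBD

into structured records so that call sequences can be inspected or matched
programmatically instead of by eye.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample: the six API lines of the mciSendStringW block in this report.
SAMPLE_APIS = """\
  • Part of subcall function 00879CB3: _wcslen.LIBCMT ref: 00879CBD
• mciSendStringW.WINMM(status PlayMe mode,?,00000100,00000000), ref: 008DEA5D
• mciSendStringW.WINMM(close PlayMe,00000000,00000000,00000000), ref: 008DEA73
• mciSendStringW.WINMM(?,00000000,00000000,00000000), ref: 008DEA84
• mciSendStringW.WINMM(play PlayMe wait,00000000,00000000,00000000), ref: 008DEA96
• mciSendStringW.WINMM(play PlayMe,00000000,00000000,00000000), ref: 008DEAA7
"""

# "Part of subcall function <callee>: <call>" wraps a call made inside a callee.
SUBCALL_RE = re.compile(r"^Part of subcall function ([0-9A-Fa-f]+):\s*(.*)$")
# "<api>.<module>(<args>), ref: <addr>" or, without arguments, "<api>.<module> ref: <addr>".
CALL_RE = re.compile(
    r"^(?P<api>[A-Za-z_][\w@]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]           # raw argument text; "?" means not resolved statically
    ref: int                  # address of the call site
    subcall_of: Optional[int] = None  # callee address for "Part of subcall" lines


def parse_api_line(line: str) -> Optional[ApiCall]:
    """Parse one listing line; returns None for lines that are not API calls."""
    text = line.strip()
    if text.startswith("•"):
        text = text[1:].strip()
    if not text:
        return None
    subcall_of = None
    m = SUBCALL_RE.match(text)
    if m:
        subcall_of = int(m.group(1), 16)
        text = m.group(2).strip()
    m = CALL_RE.match(text)
    if not m:
        return None
    raw_args = m.group("args")
    args = [a.strip() for a in raw_args.split(",")] if raw_args is not None else []
    return ApiCall(m.group("api"), m.group("module"), args,
                   int(m.group("ref"), 16), subcall_of)


def parse_api_block(block: str) -> List[ApiCall]:
    """Parse a whole "APIs" block, keeping the report's call order."""
    parsed = (parse_api_line(line) for line in block.splitlines())
    return [call for call in parsed if call is not None]


def mci_commands(calls: List[ApiCall]) -> List[str]:
    """MCI command strings passed to mciSendStringW, in call order ("?" if unresolved)."""
    return [c.args[0] for c in calls if c.api == "mciSendStringW" and c.args]


if __name__ == "__main__":
    for call in parse_api_block(SAMPLE_APIS):
        print(f"{call.ref:08X} {call.api}.{call.module} {call.args} subcall_of={call.subcall_of}")
    print(mci_commands(parse_api_block(SAMPLE_APIS)))
```

The argument split is on commas, which is safe for these listings because the analyzer prints every argument as either a resolved string or a hex constant or "?"; a command string containing a comma would need the quoting the report does not use. Addresses are parsed as integers so they can be compared against the function and ref addresses of other blocks.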
APIs
• GetDlgItem.USER32(?,00000001), ref: 008D5CE2
• GetWindowRect.USER32(00000000,?), ref: 008D5CFB
• MoveWindow.USER32(?,0000000A,00000004,?,?,00000004,00000000), ref: 008D5D59
• GetDlgItem.USER32(?,00000002), ref: 008D5D69
• GetWindowRect.USER32(00000000,?), ref: 008D5D7B
• MoveWindow.USER32(?,?,00000004,00000000,?,00000004,00000000), ref: 008D5DCF
• GetDlgItem.USER32(?,000003E9), ref: 008D5DDD
• GetWindowRect.USER32(00000000,?), ref: 008D5DEF
• MoveWindow.USER32(?,0000000A,00000000,?,00000004,00000000), ref: 008D5E31
• GetDlgItem.USER32(?,000003EA), ref: 008D5E44
• MoveWindow.USER32(00000000,0000000A,0000000A,?,-00000005,00000000), ref: 008D5E5A
• InvalidateRect.USER32(?,00000000,00000001), ref: 008D5E67
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Window$ItemMoveRect$Invalidate
• String ID:
• API String ID: 3096461208-0
• Opcode ID: 03bc35d9a15aa9992ca83a3a10c048a81d4ba15a00fb3a2e1190b6d97244a846
• Instruction ID: 30e4282c605775a7521cff5aa28a02d83457851d091dea047657603cf60d1aba
• Opcode Fuzzy Hash: 03bc35d9a15aa9992ca83a3a10c048a81d4ba15a00fb3a2e1190b6d97244a846
• Instruction Fuzzy Hash: 7A5101B1B10609AFDF18DF68DD89AAE7BB5FB48301F14822AF515E7290D7709E04CB60
APIs
  • Part of subcall function 00888F62: InvalidateRect.USER32(?,00000000,00000001,?,?,?,00888BE8,?,00000000,?,?,?,?,00888BBA,00000000,?), ref: 00888FC5
• DestroyWindow.USER32(?), ref: 00888C81
• KillTimer.USER32(00000000,?,?,?,?,00888BBA,00000000,?), ref: 00888D1B
• DestroyAcceleratorTable.USER32(00000000), ref: 008C6973
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,00000000,?,?,?,?,00888BBA,00000000,?), ref: 008C69A1
• ImageList_Destroy.COMCTL32(?,?,?,?,?,?,?,00000000,?,?,?,?,00888BBA,00000000,?), ref: 008C69B8
• ImageList_Destroy.COMCTL32(00000000,?,?,?,?,?,?,?,?,00000000,?,?,?,?,00888BBA,00000000), ref: 008C69D4
• DeleteObject.GDI32(00000000), ref: 008C69E6
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Destroy$ImageList_$AcceleratorDeleteInvalidateKillObjectRectTableTimerWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 641708696-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 95f2fc0d78d7660beab3e047e7f559878808736ab481fd147585761ee09962d3
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 548041c3bbf3cd2d12e02e4dd98324ae374f3eea92f9799f826e67151484a927
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 95f2fc0d78d7660beab3e047e7f559878808736ab481fd147585761ee09962d3
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A161BB34016614DFDB25AF18DA48B297BF2FB41316F50452CE042DB5A4CB31ADD0EF91
APIs
  • Part of subcall function 00889944: GetWindowLongW.USER32(?,000000EB), ref: 00889952
• GetSysColor.USER32(0000000F), ref: 00889862
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: ColorLongWindow
• String ID:
• API String ID: 259745315-0
• Opcode ID: 20b475c756be11754625c8e84fb60436058bbdc0fdd3f5f9784c4b805b9c0e42
• Instruction ID: 5e73ad84f81beb0110779a5be6bcfb976610f3b7248a2b695e72e9a023f07be0
• Opcode Fuzzy Hash: 20b475c756be11754625c8e84fb60436058bbdc0fdd3f5f9784c4b805b9c0e42
• Instruction Fuzzy Hash: E2418071108645AFDB206F389C88BB93BA5FB06335F184669F9E2C71E1D7319C42EB11
APIs
• GetModuleHandleW.KERNEL32(00000000,?,00000FFF,00000001,00000000,?,?,008BF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?), ref: 008D9717
• LoadStringW.USER32(00000000,?,008BF7F8,00000001), ref: 008D9720
  • Part of subcall function 00879CB3: _wcslen.LIBCMT ref: 00879CBD
• GetModuleHandleW.KERNEL32(00000000,00000001,?,00000FFF,?,?,008BF7F8,00000001,0000138C,00000001,?,00000001,00000000,?,?,00000000), ref: 008D9742
• LoadStringW.USER32(00000000,?,008BF7F8,00000001), ref: 008D9745
• MessageBoxW.USER32(00000000,00000000,?,00011010), ref: 008D9866
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: HandleLoadModuleString$Message_wcslen
• String ID: Error: $%s (%d) : ==> %s: %s %s$Line %d (File "%s"):$Line %d:$^ ERROR
• API String ID: 747408836-2268648507
• Opcode ID: 898d11816e5ec83616011b146c91e704492374cc8ce7e0d750e419cdf6fddbb9
• Instruction ID: c66b30a84d9c82a0a05369ac1a380007771ababe3b7db2b34d0314bc72e09eec
• Opcode Fuzzy Hash: 898d11816e5ec83616011b146c91e704492374cc8ce7e0d750e419cdf6fddbb9
• Instruction Fuzzy Hash: B6416E72800209AACF14EBE4DD86DEE7778FF55340F504125F209B2196EA35AF48DB62
APIs
  • Part of subcall function 00876B57: _wcslen.LIBCMT ref: 00876B6A
• WNetAddConnection2W.MPR(?,?,?,00000000), ref: 008D07A2
• RegConnectRegistryW.ADVAPI32(?,80000002,?), ref: 008D07BE
• RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,?,SOFTWARE\Classes\), ref: 008D07DA
• RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,?,?,?,SOFTWARE\Classes\), ref: 008D0804
• CLSIDFromString.OLE32(?,000001FE,?,SOFTWARE\Classes\), ref: 008D082C
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 008D0837
• RegCloseKey.ADVAPI32(?,?,SOFTWARE\Classes\), ref: 008D083C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Close$ConnectConnection2FromOpenQueryRegistryStringValue_wcslen
• String ID: SOFTWARE\Classes\$\CLSID$\IPC$
• API String ID: 323675364-22481851
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: d0f9a6105066a3369e833babc1e9638470db5649c6a5425b2e3be8f3b8758425
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 0fcbbdd00910bce316102dfc6e9ccf7fccff20718687c3dc4c1d7c1e29b795e6
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d0f9a6105066a3369e833babc1e9638470db5649c6a5425b2e3be8f3b8758425
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 44410772C10229AADF15EBA4DC859EDB778FF48350F458129E905A72A1EB309E04DF91
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 008F3C5C
                                                                                                                                                                                                                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 008F3C8A
                                                                                                                                                                                                                                                                                                                                                                        • CoUninitialize.OLE32 ref: 008F3C94
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 008F3D2D
                                                                                                                                                                                                                                                                                                                                                                        • GetRunningObjectTable.OLE32(00000000,?), ref: 008F3DB1
                                                                                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000001,00000029), ref: 008F3ED5
                                                                                                                                                                                                                                                                                                                                                                        • CoGetInstanceFromFile.OLE32(00000000,?,00000000,00000015,00000002,?,00000001,?), ref: 008F3F0E
                                                                                                                                                                                                                                                                                                                                                                        • CoGetObject.OLE32(?,00000000,0090FB98,?), ref: 008F3F2D
                                                                                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000000), ref: 008F3F40
                                                                                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000000,00000000), ref: 008F3FC4
                                                                                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 008F3FD8
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorMode$ObjectVariant$ClearFileFromInitInitializeInstanceRunningTableUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 429561992-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: cd0669717cfdff206a0b38a33776ed3ae64bc53c12ab4a3e250d7fa47c4b5332
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: bd019c365b10fad14f5771c907b43f36bef19acd006d262b42fe3ffbee3bef96
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: cd0669717cfdff206a0b38a33776ed3ae64bc53c12ab4a3e250d7fa47c4b5332
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F0C10471608209AFD700DF68C88492BB7E9FF89748F14491DFA8ADB251DB31EE45CB52
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 008E7AF3
                                                                                                                                                                                                                                                                                                                                                                        • SHGetSpecialFolderLocation.SHELL32(00000000,00000000,?), ref: 008E7B8F
                                                                                                                                                                                                                                                                                                                                                                        • SHGetDesktopFolder.SHELL32(?), ref: 008E7BA3
                                                                                                                                                                                                                                                                                                                                                                        • CoCreateInstance.OLE32(0090FD08,00000000,00000001,00936E6C,?), ref: 008E7BEF
                                                                                                                                                                                                                                                                                                                                                                        • SHCreateShellItem.SHELL32(00000000,00000000,?,00000003), ref: 008E7C74
                                                                                                                                                                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(?,?), ref: 008E7CCC
                                                                                                                                                                                                                                                                                                                                                                        • SHBrowseForFolderW.SHELL32(?), ref: 008E7D57
                                                                                                                                                                                                                                                                                                                                                                        • SHGetPathFromIDListW.SHELL32(00000000,?), ref: 008E7D7A
                                                                                                                                                                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 008E7D81
                                                                                                                                                                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(00000000), ref: 008E7DD6
                                                                                                                                                                                                                                                                                                                                                                        • CoUninitialize.OLE32 ref: 008E7DDC
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: FolderFreeTask$Create$BrowseDesktopFromInitializeInstanceItemListLocationPathShellSpecialUninitialize
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2762341140-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 23d0f1eb9b8d5c4658fab96f7af63e9729e1236ce57b34f866e4fe2d6a25b0d9
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 7cfea90eb601c990c58ce9d7a508bfea3f2f6621d07242d0f873ee4a0bff4539
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 23d0f1eb9b8d5c4658fab96f7af63e9729e1236ce57b34f866e4fe2d6a25b0d9
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B5C12A75A04149AFCB14DFA9C884DAEBBF9FF49314B148598E819DB361D730EE41CB90
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000158,000000FF,00000158), ref: 00905504
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00905515
                                                                                                                                                                                                                                                                                                                                                                        • CharNextW.USER32(00000158), ref: 00905544
• SendMessageW.USER32(?,0000014B,00000000,00000000), ref: 00905585
• SendMessageW.USER32(?,00000158,000000FF,0000014E), ref: 0090559B
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 009055AC
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: MessageSend$CharNext
• String ID:
• API String ID: 1350042424-0
APIs
• SafeArrayAllocDescriptorEx.OLEAUT32(0000000C,?,?), ref: 008CFAAF
• SafeArrayAllocData.OLEAUT32(?), ref: 008CFB08
• VariantInit.OLEAUT32(?), ref: 008CFB1A
• SafeArrayAccessData.OLEAUT32(?,?), ref: 008CFB3A
• VariantCopy.OLEAUT32(?,?), ref: 008CFB8D
• SafeArrayUnaccessData.OLEAUT32(?), ref: 008CFBA1
• VariantClear.OLEAUT32(?), ref: 008CFBB6
• SafeArrayDestroyData.OLEAUT32(?), ref: 008CFBC3
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 008CFBCC
• VariantClear.OLEAUT32(?), ref: 008CFBDE
• SafeArrayDestroyDescriptor.OLEAUT32(?), ref: 008CFBE9
Similarity
• API ID: ArraySafe$DataVariant$DescriptorDestroy$AllocClear$AccessCopyInitUnaccess
• String ID:
• API String ID: 2706829360-0
APIs
• GetKeyboardState.USER32(?), ref: 008D9CA1
• GetAsyncKeyState.USER32(000000A0), ref: 008D9D22
• GetKeyState.USER32(000000A0), ref: 008D9D3D
• GetAsyncKeyState.USER32(000000A1), ref: 008D9D57
• GetKeyState.USER32(000000A1), ref: 008D9D6C
• GetAsyncKeyState.USER32(00000011), ref: 008D9D84
• GetKeyState.USER32(00000011), ref: 008D9D96
• GetAsyncKeyState.USER32(00000012), ref: 008D9DAE
• GetKeyState.USER32(00000012), ref: 008D9DC0
• GetAsyncKeyState.USER32(0000005B), ref: 008D9DD8
• GetKeyState.USER32(0000005B), ref: 008D9DEA
Similarity
• API ID: State$Async$Keyboard
• String ID:
• API String ID: 541375521-0
APIs
• WSAStartup.WSOCK32(00000101,?), ref: 008F05BC
• inet_addr.WSOCK32(?), ref: 008F061C
• gethostbyname.WSOCK32(?), ref: 008F0628
• IcmpCreateFile.IPHLPAPI ref: 008F0636
• IcmpSendEcho.IPHLPAPI(?,?,?,00000005,00000000,?,00000029,00000FA0), ref: 008F06C6
• IcmpSendEcho.IPHLPAPI(00000000,00000000,?,00000005,00000000,?,00000029,00000FA0), ref: 008F06E5
• IcmpCloseHandle.IPHLPAPI(?), ref: 008F07B9
                                                                                                                                                                                                                                                                                                                                                                        • WSACleanup.WSOCK32 ref: 008F07BF
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Icmp$EchoSend$CleanupCloseCreateFileHandleStartupgethostbynameinet_addr
                                                                                                                                                                                                                                                                                                                                                                        • String ID: Ping
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1028309954-2246546115
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 13a9a330f0c906d1d8dd80dcc47304ab881699bce3d2d7b7204cc388b3d28a69
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: a539017b0e17980061c1ec8a32e6ad7e4d91d521d834ee923d85f900a8d95fd3
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 13a9a330f0c906d1d8dd80dcc47304ab881699bce3d2d7b7204cc388b3d28a69
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 24916D755082059FD720DF29C488B2ABBE0FF44318F1485A9E569DB6A2C771ED41CF92
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$BuffCharLower
                                                                                                                                                                                                                                                                                                                                                                        • String ID: cdecl$none$stdcall$winapi
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 707087890-567219261
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 1ae471b2c8ca0760123e0d3b03bd666355cb8a167aaac5f839cc49bd7c6102dd
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 877badc82c51e876bc4d015c3751a4b52e1ed8786e9d874d614a0f729c1fbbae
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1ae471b2c8ca0760123e0d3b03bd666355cb8a167aaac5f839cc49bd7c6102dd
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4251AF32A0051ADBCF24EF7CC9418BEB7A5FF64324B244229E666E7284DB30DD40CB91
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • CoInitialize.OLE32 ref: 008F3774
                                                                                                                                                                                                                                                                                                                                                                        • CoUninitialize.OLE32 ref: 008F377F
                                                                                                                                                                                                                                                                                                                                                                        • CoCreateInstance.OLE32(?,00000000,00000017,0090FB78,?), ref: 008F37D9
                                                                                                                                                                                                                                                                                                                                                                        • IIDFromString.OLE32(?,?), ref: 008F384C
                                                                                                                                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 008F38E4
                                                                                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 008F3936
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Variant$ClearCreateFromInitInitializeInstanceStringUninitialize
                                                                                                                                                                                                                                                                                                                                                                        • String ID: Failed to create object$Invalid parameter$NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 636576611-1287834457
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 8f78ae0c9ba462a1605ad424f998095316d91f1bfe6997940622ac169ee440a2
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 4524fa135fd48bd735ae401336f930caaf717d6b9e2978fcc2ebb3bd9b302c5c
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8f78ae0c9ba462a1605ad424f998095316d91f1bfe6997940622ac169ee440a2
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9F6190B0608305AFD310EF64C889B6ABBE4FF49754F104919FA85DB291D774EE48CB92
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetLocalTime.KERNEL32(?), ref: 008E8257
                                                                                                                                                                                                                                                                                                                                                                        • SystemTimeToFileTime.KERNEL32(?,?), ref: 008E8267
• LocalFileTimeToFileTime.KERNEL32(?,?), ref: 008E8273
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 008E8310
• SetCurrentDirectoryW.KERNEL32(?), ref: 008E8324
• SetCurrentDirectoryW.KERNEL32(?), ref: 008E8356
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 008E838C
• SetCurrentDirectoryW.KERNEL32(?), ref: 008E8395
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: CurrentDirectoryTime$File$Local$System
• String ID: *.*
• API String ID: 1464919966-438819550
• Opcode ID: 21accf1a6909509c045d349246d1d39f9602c15fc2cfbae5efe4568c902777b9
• Instruction ID: f71721f09f84f43b62314f139fc0e248a9eb858c62cae670c81f752ce4dd5b9b
• Opcode Fuzzy Hash: 21accf1a6909509c045d349246d1d39f9602c15fc2cfbae5efe4568c902777b9
• Instruction Fuzzy Hash: 816169B25083459FCB10EF69C8419AEB3E8FF8A314F04891EF999D7251DB31E945CB92
APIs
• LoadStringW.USER32(00000066,?,00000FFF,?), ref: 008E33CF
  • Part of subcall function 00879CB3: _wcslen.LIBCMT ref: 00879CBD
• LoadStringW.USER32(00000072,?,00000FFF,?), ref: 008E33F0
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Incorrect parameters to object property !$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-3080491070
• Opcode ID: f5af430f6cbf5f2f1f4cd3bcefefa46fc34b6864677081d84da32aa6a953492e
• Instruction ID: fa3eaf67dffcda17558dcaa70d69c90e63ef12788251323b9857540a14697eb4
• Opcode Fuzzy Hash: f5af430f6cbf5f2f1f4cd3bcefefa46fc34b6864677081d84da32aa6a953492e
• Instruction Fuzzy Hash: 66519D72800209AADF15EBA4CD46EEEB778FF15344F108165F509B21A2EB316F58DF62
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: APPEND$EXISTS$KEYS$REMOVE
• API String ID: 1256254125-769500911
• Opcode ID: 6933b2448a5e312953cfbc5ec57cca42f352c478acad791e27699cdbbcb8bb77
• Instruction ID: 35e7ec3f0459c7269a71991f8e8148820f0e76705a0c591dc5f71a0d7160290a
• Opcode Fuzzy Hash: 6933b2448a5e312953cfbc5ec57cca42f352c478acad791e27699cdbbcb8bb77
• Instruction Fuzzy Hash: BA41B632A00126DBCB206F7D98905BE7BA5FB75768B26432AE425D7384E731CD81C790
APIs
• SetErrorMode.KERNEL32(00000001), ref: 008E53A0
• GetDiskFreeSpaceW.KERNEL32(?,?,?,?,?,00000002,00000001), ref: 008E5416
• GetLastError.KERNEL32 ref: 008E5420
• SetErrorMode.KERNEL32(00000000,READY), ref: 008E54A7
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Error$Mode$DiskFreeLastSpace
• String ID: INVALID$NOTREADY$READONLY$READY$UNKNOWN
• API String ID: 4194297153-14809454
• Opcode ID: 7a21a72e8deda4fa0f2ab8a37bf212423e37cd596de7dfc5f423709d18748a22
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 80a7c197fe1655cdfbbb1b894d96e6cda38f2495893848e6e4cff540ec4e410b
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7a21a72e8deda4fa0f2ab8a37bf212423e37cd596de7dfc5f423709d18748a22
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6A31D0B5A002489FC710DF69C884AAABBF4FF4630DF148065E405CB2D2D770DD86CB91
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • CreateMenu.USER32 ref: 00903C79
                                                                                                                                                                                                                                                                                                                                                                        • SetMenu.USER32(?,00000000), ref: 00903C88
                                                                                                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00903D10
                                                                                                                                                                                                                                                                                                                                                                        • IsMenu.USER32(?), ref: 00903D24
                                                                                                                                                                                                                                                                                                                                                                        • CreatePopupMenu.USER32 ref: 00903D2E
                                                                                                                                                                                                                                                                                                                                                                        • InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00903D5B
                                                                                                                                                                                                                                                                                                                                                                        • DrawMenuBar.USER32 ref: 00903D63
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Menu$CreateItem$DrawInfoInsertPopup
                                                                                                                                                                                                                                                                                                                                                                        • String ID: 0$F
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 161812096-3044882817
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: e510db58bb8cde4498a3972c72809ee71df5a4a8667550ae14fa443894d07ca7
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: b29622f4375bdb8e645f997812982482bd2d03be564afa38e0f1c6615707db24
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e510db58bb8cde4498a3972c72809ee71df5a4a8667550ae14fa443894d07ca7
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0F417CB9A15209EFDB14CF64E844EAA7BB9FF49350F144129F946973A0D730AA10EF90
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000101F,00000000,00000000), ref: 00903A9D
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,?,0000101F,00000000), ref: 00903AA0
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowLongW.USER32(?,000000F0), ref: 00903AC7
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001004,00000000,00000000), ref: 00903AEA
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000104D,00000000,00000007), ref: 00903B62
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001074,00000000,00000007), ref: 00903BAC
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001057,00000000,00000000), ref: 00903BC7
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000101D,00001004,00000000), ref: 00903BE2
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000101E,00001004,00000000), ref: 00903BF6
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001008,00000000,00000007), ref: 00903C13
Similarity
• API ID: MessageSend$LongWindow
• String ID:
• API String ID: 312131281-0
• Opcode ID: 8fd71ee559eb3e9cdf850f209ec12b00eaeea338ffdbd09cd2f2223fe34c4413
• Instruction ID: 02883d6345dd2fa6c5c287bbf85957caaae1f0172c00d416346fe925ad6a62ea
• Opcode Fuzzy Hash: 8fd71ee559eb3e9cdf850f209ec12b00eaeea338ffdbd09cd2f2223fe34c4413
• Instruction Fuzzy Hash: 08617875A00218AFDB10DFA8CC81EEE77BCEB49714F104199FA15E72E1D774AA81DB50
APIs
• GetCurrentThreadId.KERNEL32 ref: 008DB151
• GetForegroundWindow.USER32(00000000,?,?,?,?,?,008DA1E1,?,00000001), ref: 008DB165
• GetWindowThreadProcessId.USER32(00000000), ref: 008DB16C
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,008DA1E1,?,00000001), ref: 008DB17B
• GetWindowThreadProcessId.USER32(?,00000000), ref: 008DB18D
• AttachThreadInput.USER32(?,00000000,00000001,?,?,?,?,?,008DA1E1,?,00000001), ref: 008DB1A6
• AttachThreadInput.USER32(00000000,00000000,00000001,?,?,?,?,?,008DA1E1,?,00000001), ref: 008DB1B8
• AttachThreadInput.USER32(00000000,00000000,?,?,?,?,?,008DA1E1,?,00000001), ref: 008DB1FD
• AttachThreadInput.USER32(?,?,00000000,?,?,?,?,?,008DA1E1,?,00000001), ref: 008DB212
• AttachThreadInput.USER32(00000000,?,00000000,?,?,?,?,?,008DA1E1,?,00000001), ref: 008DB21D
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Thread$AttachInput$Window$Process$CurrentForeground
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2156557900-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 0b57787e6cc64891b2343d1fecb4f54fc2713a183e86fcbde7d60059b9033d10
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: fe1ca3becca443f9412d0ce6411e6d753417ae6d99041e61a647fed98e3e871a
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0b57787e6cc64891b2343d1fecb4f54fc2713a183e86fcbde7d60059b9033d10
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 75318EB6528204FFDB209F64EC88F6D7BB9FB52359F118306FA01D6290D7B49A409F64
APIs
• _free.LIBCMT ref: 008A2C94
  • Part of subcall function 008A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008AD7D1,00000000,00000000,00000000,00000000,?,008AD7F8,00000000,00000007,00000000,?,008ADBF5,00000000), ref: 008A29DE
  • Part of subcall function 008A29C8: GetLastError.KERNEL32(00000000,?,008AD7D1,00000000,00000000,00000000,00000000,?,008AD7F8,00000000,00000007,00000000,?,008ADBF5,00000000,00000000), ref: 008A29F0
• _free.LIBCMT ref: 008A2CA0
• _free.LIBCMT ref: 008A2CAB
• _free.LIBCMT ref: 008A2CB6
• _free.LIBCMT ref: 008A2CC1
• _free.LIBCMT ref: 008A2CCC
• _free.LIBCMT ref: 008A2CD7
• _free.LIBCMT ref: 008A2CE2
• _free.LIBCMT ref: 008A2CED
• _free.LIBCMT ref: 008A2CFB
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: f2ac166815e1b5bea8c86a7748ef7fe99451a43c801e0b2abbb00d26b32c1ad3
• Instruction ID: 4d51c59b50e127baee464e20b05670ec093c59c8904e6c088f2176b277a5d62b
• Opcode Fuzzy Hash: f2ac166815e1b5bea8c86a7748ef7fe99451a43c801e0b2abbb00d26b32c1ad3
• Instruction Fuzzy Hash: 6611C676100108AFDB52EF5CD842DDE3FA5FF06750F4544A0FA489BA22D631EA509B92
APIs
• GetCurrentDirectoryW.KERNEL32(00007FFF,?), ref: 008E7FAD
• SetCurrentDirectoryW.KERNEL32(?), ref: 008E7FC1
• GetFileAttributesW.KERNEL32(?), ref: 008E7FEB
• SetFileAttributesW.KERNEL32(?,00000000), ref: 008E8005
• SetCurrentDirectoryW.KERNEL32(?), ref: 008E8017
• SetCurrentDirectoryW.KERNEL32(?), ref: 008E8060
• SetCurrentDirectoryW.KERNEL32(?,?,?,?,?), ref: 008E80B0
Strings
Similarity
• API ID: CurrentDirectory$AttributesFile
• String ID: *.*
• API String ID: 769691225-438819550
• Opcode ID: f46a27be73811c0725dfcb90bf9cb4f97f0f1aef6169359dda01b247c7e10486
• Instruction ID: ee17e0257417e8027f322fd99b79c49aa65ed43018b7a4d88ae7c37f73360ac1
• Opcode Fuzzy Hash: f46a27be73811c0725dfcb90bf9cb4f97f0f1aef6169359dda01b247c7e10486
• Instruction Fuzzy Hash: 5A81B2715082869BCB24EF1AC8449AEB3E8FF86714F144C6EF889D7250EB34DD45CB52
APIs
• SetWindowLongW.USER32(?,000000EB), ref: 00875C7A
  • Part of subcall function 00875D0A: GetClientRect.USER32(?,?), ref: 00875D30
  • Part of subcall function 00875D0A: GetWindowRect.USER32(?,?), ref: 00875D71
  • Part of subcall function 00875D0A: ScreenToClient.USER32(?,?), ref: 00875D99
• GetDC.USER32 ref: 008B46F5
• SendMessageW.USER32(?,00000031,00000000,00000000), ref: 008B4708
• SelectObject.GDI32(00000000,00000000), ref: 008B4716
• SelectObject.GDI32(00000000,00000000), ref: 008B472B
• ReleaseDC.USER32(?,00000000), ref: 008B4733
• MoveWindow.USER32(?,?,?,?,?,?,?,00000031,00000000,00000000), ref: 008B47C4
                                                                                                                                                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Window$ClientObjectRectSelect$LongMessageMoveReleaseScreenSend
• String ID: U
• API String ID: 4009187628-3372436214
APIs
• LoadStringW.USER32(00000066,?,00000FFF,00000000), ref: 008E35E4
  • Part of subcall function 00879CB3: _wcslen.LIBCMT ref: 00879CBD
• LoadStringW.USER32(00942390,?,00000FFF,?), ref: 008E360A
Strings
Similarity
• API ID: LoadString$_wcslen
• String ID: Error: $"%s" (%d) : ==> %s:$"%s" (%d) : ==> %s:%s%s$Line %d (File "%s"):$^ ERROR
• API String ID: 4099089115-2391861430
APIs
  • Part of subcall function 00889BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00889BB2
  • Part of subcall function 0088912D: GetCursorPos.USER32(?), ref: 00889141
  • Part of subcall function 0088912D: ScreenToClient.USER32(00000000,?), ref: 0088915E
  • Part of subcall function 0088912D: GetAsyncKeyState.USER32(00000001), ref: 00889183
  • Part of subcall function 0088912D: GetAsyncKeyState.USER32(00000002), ref: 0088919D
• ImageList_DragLeave.COMCTL32(00000000,00000000,00000001,?,?,?,?), ref: 00908B6B
• ImageList_EndDrag.COMCTL32 ref: 00908B71
• ReleaseCapture.USER32 ref: 00908B77
• SetWindowTextW.USER32(?,00000000), ref: 00908C12
• SendMessageW.USER32(?,000000B1,00000000,000000FF), ref: 00908C25
• DefDlgProcW.USER32(?,00000202,?,?,00000000,00000001,?,?,?,?), ref: 00908CFF
Strings
Similarity
• API ID: AsyncDragImageList_StateWindow$CaptureClientCursorLeaveLongMessageProcReleaseScreenSendText
• String ID: @GUI_DRAGFILE$@GUI_DROPID
• API String ID: 1924731296-2107944366
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 008EC272
                                                                                                                                                                                                                                                                                                                                                                        • HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 008EC29A
                                                                                                                                                                                                                                                                                                                                                                        • HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 008EC2CA
                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 008EC322
                                                                                                                                                                                                                                                                                                                                                                        • SetEvent.KERNEL32(?), ref: 008EC336
                                                                                                                                                                                                                                                                                                                                                                        • InternetCloseHandle.WININET(00000000), ref: 008EC341
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: HttpInternet$CloseErrorEventHandleInfoLastOpenQueryRequestSend
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3113390036-3916222277
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: ba394aed78d07368a008f573c6ca53a32c6e55e2f83ed592e43389657e17f6de
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 9a4ef7f8cdb5c5d6672e8674bb09b755507e59182e7a6b51eb37c92e892d20d2
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ba394aed78d07368a008f573c6ca53a32c6e55e2f83ed592e43389657e17f6de
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DE317FB1904648AFD7219FAA8C88AAB7BFCFB4A744F14851DF446D2200DB30DD069B61
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,008B3AAF,?,?,Bad directive syntax error,0090CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 008D98BC
                                                                                                                                                                                                                                                                                                                                                                        • LoadStringW.USER32(00000000,?,008B3AAF,?), ref: 008D98C3
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00879CB3: _wcslen.LIBCMT ref: 00879CBD
                                                                                                                                                                                                                                                                                                                                                                        • MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 008D9987
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: HandleLoadMessageModuleString_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 858772685-4153970271
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f632b941bdb5edfbf8c94a9a61f2245e115c6cdf8181b8bd597600b9b206f7e4
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 0ddd6d2608400c37ff3e53d3ecb0f7891190bdc66e0aab976ff96af5edb24a79
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f632b941bdb5edfbf8c94a9a61f2245e115c6cdf8181b8bd597600b9b206f7e4
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C0216031C0421ABBCF15AF94CC1AEEE7779FF18304F048466F519A61A2EB719618DB52
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetParent.USER32 ref: 008D20AB
                                                                                                                                                                                                                                                                                                                                                                        • GetClassNameW.USER32(00000000,?,00000100), ref: 008D20C0
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 008D214D
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ClassMessageNameParentSend
                                                                                                                                                                                                                                                                                                                                                                        • String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1290815626-3381328864
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 63b30e64875a45dfb611aa9725cfc42776ebb63ba1efe8231c4be25c0dccf4de
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 0725aa7c8710cbb21ff42f0dd8ec3167b583ca265004a1cbb0e855ce4cff4623
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 63b30e64875a45dfb611aa9725cfc42776ebb63ba1efe8231c4be25c0dccf4de
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8A110676688717B9FE117224DC07DA677ACEF28728F214317FB04E51E1FE61B8025A14
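The three complete function records above (the WinINet fetch, the MessageBoxW record carrying the AutoIt-style error strings, and the record referencing SHELLDLL_DefView) all use one layout: an APIs list of `Name.MODULE(args), ref: address` bullets, sometimes nested as "Part of subcall function", a `String ID` whose entries are joined with `$`, and the opcode and instruction hashes. The Python below is an added example and is not part of the Joe Sandbox report or its tooling: it parses records in that layout into objects so call sequences, modules and referenced strings can be queried across many functions at once. The layout is inferred only from the lines on this page, the embedded sample is copied from the three records above, and every name in the code (`FunctionRecord`, `has_http_fetch`, and so on) is this example's own.

```python
"""Parse Joe Sandbox function records ("APIs" / "String ID" / fuzzy-hash
bullets) into structured data.  Added example, not Joe Sandbox code: the
layout is inferred from this report's lines only, SAMPLE is copied from the
three complete records above (leading whitespace trimmed), and all field
and class names are assumptions of this example."""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# One API bullet: "• Name.MODULE(args), ref: ADDR"; the argument list is
# optional and the bullet may be prefixed with "Part of subcall function ADDR:".
API_RE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<name>[A-Za-z_]\w*)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})$"
)
# Any other "• Key: value" bullet (String ID, Opcode ID, fuzzy hashes, ...).
FIELD_RE = re.compile(r"^•\s*(?P<key>[A-Za-z ]+?):\s*(?P<val>.*)$")


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: str                          # call-site address inside the dump
    subcall_of: Optional[str] = None  # set when reported via a subcall


@dataclass
class FunctionRecord:
    apis: List[ApiCall] = field(default_factory=list)
    strings: List[str] = field(default_factory=list)
    fields: Dict[str, str] = field(default_factory=dict)

    def modules(self) -> set:
        return {a.module for a in self.apis}

    def call_sequence(self, include_subcalls: bool = False) -> List[str]:
        """API names in the order the report lists them."""
        return [a.name for a in self.apis
                if include_subcalls or a.subcall_of is None]


def parse_records(text: str) -> List[FunctionRecord]:
    """Start a new record at every 'APIs' line; bullets that precede the
    first 'APIs' belong to a record cut off above and are ignored."""
    records: List[FunctionRecord] = []
    current: Optional[FunctionRecord] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = FunctionRecord()
            records.append(current)
            continue
        if current is None or not line.startswith("•"):
            continue
        m = API_RE.match(line)
        if m:
            args = [a.strip() for a in m.group("args").split(",")] if m.group("args") else []
            current.apis.append(ApiCall(m.group("name"), m.group("module"), args,
                                        m.group("ref").upper(), m.group("sub")))
            continue
        m = FIELD_RE.match(line)
        if m:
            key, val = m.group("key").strip(), m.group("val").strip()
            current.fields[key] = val
            if key == "String ID" and val:   # entries are '$'-joined in the report
                current.strings = val.split("$")
    return records


# The WinINet chain as it appears in the first record above.
HTTP_FETCH = ("InternetOpenUrlW", "HttpSendRequestW", "HttpQueryInfoW")


def has_http_fetch(rec: FunctionRecord) -> bool:
    """True when HTTP_FETCH occurs, in order, as a subsequence of the
    record's own (non-subcall) API calls; other calls may sit in between."""
    i = 0
    for name in rec.call_sequence():
        if name == HTTP_FETCH[i]:
            i += 1
            if i == len(HTTP_FETCH):
                return True
    return False


# Constructed input: the three complete records above, trimmed.
SAMPLE = """APIs
• InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 008EC272
• HttpSendRequestW.WININET(00000000,00000000,00000000,00000000,00000000), ref: 008EC29A
• HttpQueryInfoW.WININET(00000000,00000005,?,?,?), ref: 008EC2CA
• GetLastError.KERNEL32 ref: 008EC322
• SetEvent.KERNEL32(?), ref: 008EC336
• InternetCloseHandle.WININET(00000000), ref: 008EC341
• String ID:
• Instruction Fuzzy Hash: DE317FB1904648AFD7219FAA8C88AAB7BFCFB4A744F14851DF446D2200DB30DD069B61
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000FFF,00000000,?,008B3AAF,?,?,Bad directive syntax error,0090CC08,00000000,00000010,?,?,>>>AUTOIT SCRIPT<<<), ref: 008D98BC
• LoadStringW.USER32(00000000,?,008B3AAF,?), ref: 008D98C3
  • Part of subcall function 00879CB3: _wcslen.LIBCMT ref: 00879CBD
• MessageBoxW.USER32(00000000,00000001,00000001,00011010), ref: 008D9987
• String ID: Error: $%s (%d) : ==> %s.: %s %s$.$Line %d (File "%s"):$Line %d:
• Instruction Fuzzy Hash: C0216031C0421ABBCF15AF94CC1AEEE7779FF18304F048466F519A61A2EB719618DB52
APIs
• GetParent.USER32 ref: 008D20AB
• GetClassNameW.USER32(00000000,?,00000100), ref: 008D20C0
• SendMessageW.USER32(00000000,00000111,0000702B,00000000), ref: 008D214D
• String ID: SHELLDLL_DefView$details$largeicons$list$smallicons
• Instruction Fuzzy Hash: 8A110676688717B9FE117224DC07DA677ACEF28728F214317FB04E51E1FE61B8025A14
"""

if __name__ == "__main__":
    for n, rec in enumerate(parse_records(SAMPLE)):
        print(n, sorted(rec.modules()), rec.call_sequence(), has_http_fetch(rec))
```

Running the script on a whole exported report instead of `SAMPLE` gives one `FunctionRecord` per "APIs" block; `has_http_fetch` is only an illustration of the kind of ordered-call query the parsed data supports, and the `String ID` split relies on the `$` separator exactly as it appears in the records above.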
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID:
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: abe6fe087edfcb4177dde1b17ad0f3c5162f70081ce81c99a384acc3a22678e2
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 096bb3bd5c01b18b88f7e31a737fdc7dcaf09a23fe2cd5f699c54b807dee19da
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: abe6fe087edfcb4177dde1b17ad0f3c5162f70081ce81c99a384acc3a22678e2
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7FC1C174908249DFEF11AFACC841BADBFB4FF0A310F184199E954E7692CB749941CB61
APIs
Similarity
• API ID: _free$EnvironmentVariable___from_strstr_to_strchr
• String ID:
• API String ID: 1282221369-0
• Opcode ID: c59470f488f92543bd1b25530f0ee917b8c1d8d4b6500df3681f203c5a70783d
• Instruction ID: 8bb152a05d000a4d265680dc445d91a82be560ce9b95c3c5f32b405486be5d09
• Opcode Fuzzy Hash: c59470f488f92543bd1b25530f0ee917b8c1d8d4b6500df3681f203c5a70783d
• Instruction Fuzzy Hash: C2614772908304AFFF21AFBC9881B6A7BA5FF03320F04416DFA55D7A82DA719D018752
APIs
• SendMessageW.USER32(?,00002001,00000000,00000000), ref: 00905186
• ShowWindow.USER32(?,00000000), ref: 009051C7
• ShowWindow.USER32(?,00000005,?,00000000), ref: 009051CD
• SetFocus.USER32(?,?,00000005,?,00000000), ref: 009051D1
  • Part of subcall function 00906FBA: DeleteObject.GDI32(00000000), ref: 00906FE6
• GetWindowLongW.USER32(?,000000F0), ref: 0090520D
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 0090521A
• InvalidateRect.USER32(?,00000000,00000001,?,00000001), ref: 0090524D
• SendMessageW.USER32(?,00001001,00000000,000000FE), ref: 00905287
• SendMessageW.USER32(?,00001026,00000000,000000FE), ref: 00905296
Similarity
• API ID: Window$MessageSend$LongShow$DeleteFocusInvalidateObjectRect
• String ID:
• API String ID: 3210457359-0
• Opcode ID: ade5a78e8100d3d42d4f094e3dab38dacd946b52854cae73af1d3abf3bc82d75
• Instruction ID: 42f21d8540a8a49edda15eb1570b5fce20ae7728ada57116422b33cafb06eb32
• Opcode Fuzzy Hash: ade5a78e8100d3d42d4f094e3dab38dacd946b52854cae73af1d3abf3bc82d75
• Instruction Fuzzy Hash: 1A518C70A58A09FEEF20AF28CC4AB9A3BA9EF05321F154511F625D62E0C775A990DF41
APIs
• LoadImageW.USER32(00000000,?,?,00000010,00000010,00000010), ref: 008C6890
• ExtractIconExW.SHELL32(?,?,00000000,00000000,00000001), ref: 008C68A9
• LoadImageW.USER32(00000000,?,00000001,00000000,00000000,00000050), ref: 008C68B9
• ExtractIconExW.SHELL32(?,?,?,00000000,00000001), ref: 008C68D1
• SendMessageW.USER32(00000000,00000080,00000000,00000000), ref: 008C68F2
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00888874,00000000,00000000,00000000,000000FF,00000000), ref: 008C6901
• SendMessageW.USER32(00000000,00000080,00000001,00000000), ref: 008C691E
• DestroyIcon.USER32(00000000,?,00000010,00000010,00000010,?,?,?,?,?,00888874,00000000,00000000,00000000,000000FF,00000000), ref: 008C692D
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Icon$DestroyExtractImageLoadMessageSend
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1268354404-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 152fdd5a448fb3d16ca92197caf14e6d6faff671cb9cd6e15a16e07ca3dfc264
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 4ee983f57c1ad6e0baac3c34f7aa129f384067dc3f4f95d109905d3b8a6a9a3d
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 152fdd5a448fb3d16ca92197caf14e6d6faff671cb9cd6e15a16e07ca3dfc264
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 32516C74610209EFDB24DF24CC95FAA7BB5FB88760F104628F956D72A0EB70E990DB50

APIs
• InternetConnectW.WININET(?,?,?,?,?,?,00000000,00000000), ref: 008EC182
• GetLastError.KERNEL32 ref: 008EC195
• SetEvent.KERNEL32(?), ref: 008EC1A9
  • Part of subcall function 008EC253: InternetOpenUrlW.WININET(?,?,00000000,00000000,?,00000000), ref: 008EC272
  • Part of subcall function 008EC253: GetLastError.KERNEL32 ref: 008EC322
  • Part of subcall function 008EC253: SetEvent.KERNEL32(?), ref: 008EC336
  • Part of subcall function 008EC253: InternetCloseHandle.WININET(00000000), ref: 008EC341
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Internet$ErrorEventLast$CloseConnectHandleOpen
• String ID:
• API String ID: 337547030-0
• Opcode ID: 0bbcf8fcae103d9683ff6360b8ab2e29df19efdff36ccd05c11ba26770a09e1d
• Instruction ID: 0a8d05f3d1bede77adf862a87ef9efb8e54ce3dd851ce550ffd6a59fd4223357
• Opcode Fuzzy Hash: 0bbcf8fcae103d9683ff6360b8ab2e29df19efdff36ccd05c11ba26770a09e1d
• Instruction Fuzzy Hash: 6D3190B1A04785AFDB219FAADC44A67BBF9FF1A300B00451DFA56C2610D730E816EB60

APIs
  • Part of subcall function 008D3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 008D3A57
  • Part of subcall function 008D3A3D: GetCurrentThreadId.KERNEL32 ref: 008D3A5E
  • Part of subcall function 008D3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008D25B3), ref: 008D3A65
• MapVirtualKeyW.USER32(00000025,00000000), ref: 008D25BD
• PostMessageW.USER32(?,00000100,00000025,00000000), ref: 008D25DB
• Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 008D25DF
• MapVirtualKeyW.USER32(00000025,00000000), ref: 008D25E9
• PostMessageW.USER32(?,00000100,00000027,00000000), ref: 008D2601
• Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 008D2605
• MapVirtualKeyW.USER32(00000025,00000000), ref: 008D260F
• PostMessageW.USER32(?,00000101,00000027,00000000), ref: 008D2623
• Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 008D2627
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: MessagePostSleepThreadVirtual$AttachCurrentInputProcessWindow
• String ID:
• API String ID: 2014098862-0
• Opcode ID: 801776dc4e8ffee3cf21ac46cbf0806e9a0d3a518f7b02490f7886c32d83eabf
• Instruction ID: 8b85dc0e28a778fafc6686a5ef71fd959d386a3f6fe46276999b4a57049a37bb
• Opcode Fuzzy Hash: 801776dc4e8ffee3cf21ac46cbf0806e9a0d3a518f7b02490f7886c32d83eabf
• Instruction Fuzzy Hash: CE01D870398624BBFB2067689C8AF593F69EB5EB11F100202F314EF1D1C9E254449AAA
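The API listing above is a synthesized keystroke sequence: the subcall attaches the caller's input queue to the thread owning the target window (GetWindowThreadProcessId, GetCurrentThreadId, AttachThreadInput), then PostMessageW posts WM_KEYDOWN (0x0100) for VK_LEFT (0x25), WM_KEYDOWN for VK_RIGHT (0x27) and WM_KEYUP (0x0101) for VK_RIGHT, with a Sleep after each. The following is an added example, not Joe Sandbox's code and not part of the report: a small parser for the report's "APIs" listing format that decodes the message and virtual-key constants of PostMessage/SendMessage calls and tracks which keys the listed calls press without releasing. The sample listing embedded in it is copied from this function's record; the line format handled (bullet, optional "Part of subcall function" prefix, `Func.MODULE(args), ref: addr`) is the one visible in this report and is otherwise an assumption. Only the message APIs are decoded: Sleep takes a single argument, so the further values the report prints beside it are not parameters of that call.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Set, Tuple

# "APIs" listing lines copied from the keystroke-injection record of this report
# (call sites 008D3A57..008D2627). Everything below is an added example, not
# Joe Sandbox code.
SAMPLE_LISTING = """\
  • Part of subcall function 008D3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 008D3A57
  • Part of subcall function 008D3A3D: GetCurrentThreadId.KERNEL32 ref: 008D3A5E
  • Part of subcall function 008D3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008D25B3), ref: 008D3A65
• MapVirtualKeyW.USER32(00000025,00000000), ref: 008D25BD
• PostMessageW.USER32(?,00000100,00000025,00000000), ref: 008D25DB
• Sleep.KERNEL32(00000000,?,00000100,00000025,00000000), ref: 008D25DF
• MapVirtualKeyW.USER32(00000025,00000000), ref: 008D25E9
• PostMessageW.USER32(?,00000100,00000027,00000000), ref: 008D2601
• Sleep.KERNEL32(00000000,?,00000100,00000027,00000000), ref: 008D2605
• MapVirtualKeyW.USER32(00000025,00000000), ref: 008D260F
• PostMessageW.USER32(?,00000101,00000027,00000000), ref: 008D2623
• Sleep.KERNEL32(00000000,?,00000101,00000027,00000000,?,00000100,00000027,00000000), ref: 008D2627
"""

# One listing line: optional subcall prefix, Func.MODULE, optional "(args)", "ref: addr".
# Assumed from the lines visible in this report.
LINE_RE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<func>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)

# Win32 constants (documented values).
KEY_MESSAGES = {0x0100: "down", 0x0101: "up",      # WM_KEYDOWN, WM_KEYUP
                0x0104: "down", 0x0105: "up"}      # WM_SYSKEYDOWN, WM_SYSKEYUP
VK_NAMES = {0x09: "VK_TAB", 0x0D: "VK_RETURN", 0x1B: "VK_ESCAPE", 0x20: "VK_SPACE",
            0x25: "VK_LEFT", 0x26: "VK_UP", 0x27: "VK_RIGHT", 0x28: "VK_DOWN", 0x7A: "VK_F11"}
MESSAGE_APIS = {"PostMessageW", "PostMessageA", "SendMessageW", "SendMessageA"}


@dataclass
class ApiCall:
    func: str
    module: str
    args: List[Optional[int]]          # None where the report printed '?'
    ref: str                           # address of the call site
    subcall: Optional[str] = None      # parent function for "Part of subcall function" lines


def parse_listing(text: str) -> List[ApiCall]:
    """Parse report listing lines into ApiCall records; unknown lines raise."""
    calls: List[ApiCall] = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LINE_RE.match(line)
        if not m:
            raise ValueError(f"unrecognised listing line: {line!r}")
        raw = m.group("args")
        args = [] if raw is None or raw.strip() == "" else [
            None if a.strip() == "?" else int(a.strip(), 16) for a in raw.split(",")
        ]
        calls.append(ApiCall(m.group("func"), m.group("mod"), args,
                             m.group("ref").upper(), m.group("sub")))
    return calls


def decode_keystrokes(calls: List[ApiCall]) -> List[Tuple[str, str, str]]:
    """Return (action, key, call-site) for each posted/sent key message.

    Message-API argument order is (hWnd, Msg, wParam, lParam); wParam carries
    the virtual-key code for the key messages."""
    events = []
    for c in calls:
        if c.func not in MESSAGE_APIS or len(c.args) < 3:
            continue
        msg, wparam = c.args[1], c.args[2]
        if msg in KEY_MESSAGES and wparam is not None:
            events.append((KEY_MESSAGES[msg], VK_NAMES.get(wparam, f"VK_0x{wparam:02X}"), c.ref))
    return events


def held_keys(events: List[Tuple[str, str, str]]) -> Set[str]:
    """Keys pressed but never released within the listed calls."""
    held: Set[str] = set()
    for action, key, _ in events:
        held.add(key) if action == "down" else held.discard(key)
    return held


def uses_attach_thread_input(calls: List[ApiCall]) -> bool:
    return any(c.func == "AttachThreadInput" for c in calls)


def summarize(calls: List[ApiCall]) -> List[str]:
    ev = decode_keystrokes(calls)
    out = []
    if uses_attach_thread_input(calls):
        out.append("AttachThreadInput precedes the key messages: input queue attached to the target window's thread")
    out.extend(f"{ref}: {key} {action}" for action, key, ref in ev)
    if held_keys(ev):
        out.append("pressed but not released in this listing: " + ", ".join(sorted(held_keys(ev))))
    return out


if __name__ == "__main__":
    for line in summarize(parse_listing(SAMPLE_LISTING)):
        print(line)
```

The parser deliberately keys on wParam of PostMessage/SendMessage rather than on MapVirtualKeyW, whose argument here is always 0x25 and is not the key actually posted; an analyst reading the record for intent should trust the message arguments, not the scan-code lookups beside them. Run against the listing copied from this record it reports VK_LEFT down, VK_RIGHT down, VK_RIGHT up, with VK_LEFT still held at the end of the listed calls; whether the release happens elsewhere in the binary is not something this record shows.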

APIs
• GetProcessHeap.KERNEL32(00000008,0000000C,?,00000000,?,008D1449,?,?,00000000), ref: 008D180C
• HeapAlloc.KERNEL32(00000000,?,008D1449,?,?,00000000), ref: 008D1813
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,008D1449,?,?,00000000), ref: 008D1828
• GetCurrentProcess.KERNEL32(?,00000000,?,008D1449,?,?,00000000), ref: 008D1830
• DuplicateHandle.KERNEL32(00000000,?,008D1449,?,?,00000000), ref: 008D1833
• GetCurrentProcess.KERNEL32(00000000,00000000,00000000,00000002,?,008D1449,?,?,00000000), ref: 008D1843
• GetCurrentProcess.KERNEL32(008D1449,00000000,?,008D1449,?,?,00000000), ref: 008D184B
• DuplicateHandle.KERNEL32(00000000,?,008D1449,?,?,00000000), ref: 008D184E
• CreateThread.KERNEL32(00000000,00000000,008D1874,00000000,00000000,00000000), ref: 008D1868
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Process$Current$DuplicateHandleHeap$AllocCreateThread
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1957940570-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 165c94967f899776036b324b1a596fdc88f5ea8f5b5ac631af763cb61b441fdc
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 952caf4af0820f1132cf14d0d51774b5e6e66f68e1e21eb8b14bc4a8f033d6de
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 165c94967f899776036b324b1a596fdc88f5ea8f5b5ac631af763cb61b441fdc
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AA01BFB5254304BFE750AB65DC4DF573B6CEB89B11F004511FA05DB291C6749800DB20
APIs
• Part of subcall function 008DD4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 008DD501
• Part of subcall function 008DD4DC: Process32FirstW.KERNEL32(00000000,?), ref: 008DD50F
• Part of subcall function 008DD4DC: CloseHandle.KERNEL32(00000000), ref: 008DD5DC
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 008FA16D
• GetLastError.KERNEL32 ref: 008FA180
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 008FA1B3
• TerminateProcess.KERNEL32(00000000,00000000), ref: 008FA268
• GetLastError.KERNEL32(00000000), ref: 008FA273
• CloseHandle.KERNEL32(00000000), ref: 008FA2C4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Process$CloseErrorHandleLastOpen$CreateFirstProcess32SnapshotTerminateToolhelp32
• String ID: SeDebugPrivilege
• API String ID: 2533919879-2896544425
• Opcode ID: 416b50befbbb7fc1bc8a1ff2a69e78d63e4205fa9e85c2f610ad2d4cab8526bf
• Instruction ID: 049b2211ef689023bd1931c4108fa14130014aeff60830d447042ee27fde8f96
• Opcode Fuzzy Hash: 416b50befbbb7fc1bc8a1ff2a69e78d63e4205fa9e85c2f610ad2d4cab8526bf
• Instruction Fuzzy Hash: 7A618DB02082429FD714DF28C494F29BBA5FF44328F14848CE56A8B7A3C772ED45CB92
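The function above is the one an analyst should care about in this listing: it walks the process list with CreateToolhelp32Snapshot/Process32FirstW, opens a target with desired access 0x00000001 (PROCESS_TERMINATE), calls TerminateProcess, and carries the string SeDebugPrivilege, which is what a process-killing routine needs to open processes owned by other users. The following Python is an added example and is not part of this Joe Sandbox report or of the analysed sample: it parses "APIs" lines in the report's own format (the sample block is copied from this function's listing), decodes the OpenProcess access mask against the winnt.h process-access bits, and flags the enumerate/open/terminate chain. The names `parse_block`, `decode_access` and `assess` are the example's own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample: the "APIs" lines of the routine above, copied from the
# report, plus the "String ID" line that the report attaches to the same function.
SAMPLE_BLOCK = """\
• Part of subcall function 008DD4DC: CreateToolhelp32Snapshot.KERNEL32 ref: 008DD501
• Part of subcall function 008DD4DC: Process32FirstW.KERNEL32(00000000,?), ref: 008DD50F
• Part of subcall function 008DD4DC: CloseHandle.KERNEL32(00000000), ref: 008DD5DC
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 008FA16D
• GetLastError.KERNEL32 ref: 008FA180
• OpenProcess.KERNEL32(00000001,00000000,?), ref: 008FA1B3
• TerminateProcess.KERNEL32(00000000,00000000), ref: 008FA268
• GetLastError.KERNEL32(00000000), ref: 008FA273
• CloseHandle.KERNEL32(00000000), ref: 008FA2C4
• String ID: SeDebugPrivilege
"""

# Process access rights from winnt.h; the report prints the mask in hex.
PROCESS_ACCESS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0040: "PROCESS_DUP_HANDLE",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}

# One "• Api.MODULE(args), ref: ADDR" line; the argument list and the
# "Part of subcall function" prefix are both optional in the report.
API_LINE = re.compile(
    r"^•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]+)$"
)
STRING_LINE = re.compile(r"^•\s*String ID:\s*(?P<s>.*)$")


@dataclass
class ApiCall:
    api: str
    module: str
    args: List[str]
    ref: str
    subcall_of: Optional[str] = None


@dataclass
class Routine:
    calls: List[ApiCall] = field(default_factory=list)
    strings: List[str] = field(default_factory=list)


def parse_block(text: str) -> Routine:
    """Turn one function's API listing into a Routine of ordered calls."""
    routine = Routine()
    for raw in text.splitlines():
        line = raw.strip()
        m = API_LINE.match(line)
        if m:
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            routine.calls.append(ApiCall(m["api"], m["mod"], args, m["ref"], m["sub"]))
            continue
        m = STRING_LINE.match(line)
        if m and m["s"].strip():
            routine.strings.append(m["s"].strip())
    return routine


def decode_access(hex_arg: str) -> List[str]:
    """Expand an OpenProcess dwDesiredAccess value into named rights."""
    try:
        value = int(hex_arg, 16)
    except ValueError:  # the report prints '?' when the value is not static
        return []
    return [name for bit, name in PROCESS_ACCESS.items() if value & bit]


def assess(routine: Routine) -> List[str]:
    """Flag the enumerate -> open(PROCESS_TERMINATE) -> TerminateProcess chain."""
    apis = [c.api for c in routine.calls]
    opens = [c for c in routine.calls if c.api == "OpenProcess" and c.args]
    wants_terminate = any("PROCESS_TERMINATE" in decode_access(c.args[0]) for c in opens)
    findings = []
    if {"CreateToolhelp32Snapshot", "Process32FirstW"} <= set(apis):
        findings.append("enumerates running processes via Toolhelp32 snapshot")
    if wants_terminate and "TerminateProcess" in apis:
        findings.append("opens a process with PROCESS_TERMINATE and calls TerminateProcess")
    if "SeDebugPrivilege" in routine.strings:
        findings.append("references SeDebugPrivilege (needed to open other users' processes)")
    return findings


if __name__ == "__main__":
    for finding in assess(parse_block(SAMPLE_BLOCK)):
        print("-", finding)
```

On the block above all three findings fire, which is the combination that makes this routine a process killer rather than a benign process enumerator; the same parser can be pointed at any other "APIs" block in this report to see which functions carry an OpenProcess mask with PROCESS_VM_WRITE or PROCESS_CREATE_THREAD instead.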
APIs
• SendMessageW.USER32(00000000,00001036,00000010,00000010), ref: 00903925
• SendMessageW.USER32(00000000,00001036,00000000,?), ref: 0090393A
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000013), ref: 00903954
• _wcslen.LIBCMT ref: 00903999
• SendMessageW.USER32(?,00001057,00000000,?), ref: 009039C6
• SendMessageW.USER32(?,00001061,?,0000000F), ref: 009039F4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: MessageSend$Window_wcslen
• String ID: SysListView32
• API String ID: 2147712094-78025650
• Opcode ID: 139b971d0cf43df90aa49c4f2c2982d6d86cb7d6d28c7076858e3aac67898827
• Instruction ID: 9de36692737457f801fb8dd6c8aed0f8a776c5b791ca8a2807f2b7cff4c61e86
• Opcode Fuzzy Hash: 139b971d0cf43df90aa49c4f2c2982d6d86cb7d6d28c7076858e3aac67898827
• Instruction Fuzzy Hash: 25419E71A00219AFEF219F64CC49BEA7BADFF48354F104526F958E72C1D7719A80CB90
                                                                                                                                                                                                                                                                                                                                                                        APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 008DBCFD
• IsMenu.USER32(00000000), ref: 008DBD1D
• CreatePopupMenu.USER32 ref: 008DBD53
• GetMenuItemCount.USER32(00BB65C0), ref: 008DBDA4
• InsertMenuItemW.USER32(00BB65C0,?,00000001,00000030), ref: 008DBDCC
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Menu$Item$CountCreateInfoInsertPopup
• String ID: 0$2
• API String ID: 93392585-3793063076
• Opcode ID: 384834d11b00140655b5b957a36d34f0825cb8f70ae26b4de99f2c437c9911a2
• Instruction ID: 1a43bfde836344b5f0299066f98d887cc8b1ffc67ccd00bcdd05813c37e54b9d
• Instruction Fuzzy Hash: 85519C70A04209EBDB20DFA8D884BAEBBF6FF49324F15435AE441D7390DB709940CB62
APIs
• LoadIconW.USER32(00000000,00007F03), ref: 008DC913
Similarity
• API ID: IconLoad
• String ID: blank$info$question$stop$warning
• API String ID: 2457776203-404129466
• Opcode ID: e777d0a6d4cbb265ff975d320cfd282663d95043a418651bf2a5c558e72ac7e1
• Instruction ID: 75fb8375dbfc67c11610ed87a68d075e4141fa45ea3c9af4e719dd9fbc9efb3b
• Instruction Fuzzy Hash: 03110D3168930BBAEB016B54DC93CAE7BDCFF15368B50423BF501E6382D7705E01A665
Similarity
• API ID: _wcslen$LocalTime
• String ID:
• API String ID: 952045576-0
• Opcode ID: 1d6e4037c5ff705c4d93a699bcf4eac5eb799e3ba3c87d4b1b4b0151cb8c27eb
• Instruction ID: cfd5c3ca30091633e787af66f3547b4fec7d5163bf521dde08a7dc93c4a071c0
• Instruction Fuzzy Hash: 19416D65C1021866CF11FBF8888A9CFB7A8FF45710F548562F518E3622FB34E255C3AA
APIs
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,008C682C,00000004,00000000,00000000), ref: 0088F953
• ShowWindow.USER32(FFFFFFFF,00000006,?,00000000,?,008C682C,00000004,00000000,00000000), ref: 008CF3D1
• ShowWindow.USER32(FFFFFFFF,000000FF,?,00000000,?,008C682C,00000004,00000000,00000000), ref: 008CF454
Similarity
• API ID: ShowWindow
• String ID:
• API String ID: 1268545403-0
• Opcode ID: 919ab7a31900167c01f0485488f82b9040bda9a66e380daca137c7bc0e1819e0
• Instruction ID: f1d557988237209827249ca3e1a5cf58ecaba468a4656553617a7173fd5d2e7a
• Instruction Fuzzy Hash: C241D931618680BED739AB3D8C88B2A7FA2FB56314F14453CE387D6663D635E880DB11
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • DeleteObject.GDI32(00000000), ref: 00902D1B
                                                                                                                                                                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 00902D23
                                                                                                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 00902D2E
                                                                                                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 00902D3A
                                                                                                                                                                                                                                                                                                                                                                        • CreateFontW.GDI32(?,00000000,00000000,00000000,?,00000000,00000000,00000000,00000001,00000004,00000000,?,00000000,?), ref: 00902D76
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000030,00000000,00000001), ref: 00902D87
                                                                                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,?,00000000,?,?,00905A65,?,?,000000FF,00000000,?,000000FF,?), ref: 00902DC2
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000142,00000000,00000000), ref: 00902DE1
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$CapsCreateDeleteDeviceFontMoveObjectReleaseWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3864802216-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 4c8178d2e01ebcd9e8f88ded1e01bed1e9354a42d85d5a39381271dab5e1dd3b
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 63f26902be9ca54ca1bb73bce30a20d97fb54ab5fae4d7666620287eaacfd412
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4c8178d2e01ebcd9e8f88ded1e01bed1e9354a42d85d5a39381271dab5e1dd3b
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6A3167B2215214BFEF218F50CC8AFEB3BADEB09715F044165FE089A2D1C6759C51DBA4
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2931989736-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 55e20c16f0e73cdb3a53f28803633ed5a71f3cae33f5d979bb6be084cdcc0caf
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 0530305b9095c79378573bf8f9d948c27c377c436c24f25727989338a86849a6
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 55e20c16f0e73cdb3a53f28803633ed5a71f3cae33f5d979bb6be084cdcc0caf
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DC212C61648A19BBEA1565149D97FFA336CFF70388F580123FD04DAB81F724EE1085A6
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID: NULL Pointer assignment$Not an Object type
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 0-572801152
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 782281f60ce5905ce1c9e74690762263f2e8db80e912240f0e83a8b510121a8e
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: c859bb54715489b121e1e95b322012245eb78b0fdf18bb0d06c2a4627f1f6161
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 782281f60ce5905ce1c9e74690762263f2e8db80e912240f0e83a8b510121a8e
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 34D17E71A0060EAFDB14CFA8C881BBEB7B5FB48344F148569EA15EB281E770E945CB50
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetCPInfo.KERNEL32(00000000,00000000,?,7FFFFFFF,?,?,008B17FB,00000000,00000000,?,00000000,?,?,?,?,00000000), ref: 008B15CE
                                                                                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,008B17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 008B1651
                                                                                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,008B17FB,?,008B17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 008B16E4
                                                                                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(00000000,00000009,00000000,00000000,00000000,00000000,?,008B17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 008B16FB
• Part of subcall function 008A3820: RtlAllocateHeap.NTDLL(00000000,?,00941444,?,0088FDF5,?,?,0087A976,00000010,00941440,008713FC,?,008713C6,?,00871129), ref: 008A3852
• MultiByteToWideChar.KERNEL32(00000000,00000001,00000000,00000000,00000000,00000000,?,008B17FB,00000000,00000000,?,00000000,?,?,?,?), ref: 008B1777
• __freea.LIBCMT ref: 008B17A2
• __freea.LIBCMT ref: 008B17AE
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: ByteCharMultiWide$__freea$AllocateHeapInfo
• String ID:
• API String ID: 2829977744-0
• Opcode ID: cf070cfde931178b137c7ef4a57bcedd91f387f874b2282674554aad2c92fd9e
• Instruction ID: caba2d7bcab7c8eabca71cd34716738e084a2631feb17e274e51bfd98c5ef548
• Opcode Fuzzy Hash: cf070cfde931178b137c7ef4a57bcedd91f387f874b2282674554aad2c92fd9e
• Instruction Fuzzy Hash: 3A91C671E102169EDF208E64C8A9AEE7BB5FF49314F980659E801EF345DB35DD44C760
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Variant$ClearInit
• String ID: Incorrect Object type in FOR..IN loop$Null Object assignment in FOR..IN loop
• API String ID: 2610073882-625585964
• Opcode ID: 7b354f85468e48bc4ca2d1d2f5f6de6bea3c3512784505b8a9b6fc4119432fc1
• Instruction ID: c932a7ac536094552394f3174f5a84b946650aa060f48d5fd47b24c825c6e6e1
• Opcode Fuzzy Hash: 7b354f85468e48bc4ca2d1d2f5f6de6bea3c3512784505b8a9b6fc4119432fc1
• Instruction Fuzzy Hash: 9E916871A0021DABDB20DFA5C884EAFBBB8FF46714F10855AF605EB280D7709945CFA0
APIs
• SafeArrayGetVartype.OLEAUT32(00000001,?), ref: 008E125C
• SafeArrayAccessData.OLEAUT32(00000000,?), ref: 008E1284
• SafeArrayUnaccessData.OLEAUT32(00000001), ref: 008E12A8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 008E12D8
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 008E135F
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 008E13C4
• SafeArrayAccessData.OLEAUT32(00000001,?), ref: 008E1430
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: ArraySafe$Data$Access$UnaccessVartype
• String ID:
• API String ID: 2550207440-0
• Opcode ID: 95c7c2b7394dac078ea3a64837217d99bba5ca4dfc14c85e05b864934de160b4
• Instruction ID: af5c91d82bca7ecbaad3a7bc852703dbc2bf2510892f7b1c71d7741f7ebf0b6f
• Opcode Fuzzy Hash: 95c7c2b7394dac078ea3a64837217d99bba5ca4dfc14c85e05b864934de160b4
• Instruction Fuzzy Hash: 5D91E575A002599FDF00DF99C888BBEB7B5FF46319F144029EA00E7292D774E941CB95
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
• Opcode ID: e50cf1a0528d4dedc5c7638a78b6aad8ee6539e51e727ee55e14737e4137fa7b
• Instruction ID: 2e8fc3d0f67d52a79ff7c1a63c8c967642d5cfd2fadf7a5c4844204b2ee33098
• Opcode Fuzzy Hash: e50cf1a0528d4dedc5c7638a78b6aad8ee6539e51e727ee55e14737e4137fa7b
• Instruction Fuzzy Hash: 96912371944219EFCB10DFA9C884AEEBBB8FF48320F188159E555F7251D374AA42DB60
APIs
• VariantInit.OLEAUT32(?), ref: 008F396B
• CharUpperBuffW.USER32(?,?), ref: 008F3A7A
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 008F3A8A
                                                                                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 008F3C1F
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008E0CDF: VariantInit.OLEAUT32(00000000), ref: 008E0D1F
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008E0CDF: VariantCopy.OLEAUT32(?,?), ref: 008E0D28
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008E0CDF: VariantClear.OLEAUT32(?), ref: 008E0D34
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Variant$ClearInit$BuffCharCopyUpper_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: AUTOIT.ERROR$Incorrect Parameter format
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4137639002-1221869570
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 849dbac64d828a91893ac44a3c6e866b683b9ab82321357c06b55ac9dd8f1b54
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: e12ca0ec946ab25f979bdca6dc230925966e45f5a4cdeb88792d6f539b64d31f
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 849dbac64d828a91893ac44a3c6e866b683b9ab82321357c06b55ac9dd8f1b54
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0C9134746083099FC704EF28C49192AB7E4FB89314F14892EF989DB351DB31EE45CB92
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008D000E: CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,008CFF41,80070057,?,?,?,008D035E), ref: 008D002B
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008D000E: ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008CFF41,80070057,?,?), ref: 008D0046
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008D000E: lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008CFF41,80070057,?,?), ref: 008D0054
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008D000E: CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008CFF41,80070057,?), ref: 008D0064
                                                                                                                                                                                                                                                                                                                                                                        • CoInitializeSecurity.OLE32(00000000,000000FF,00000000,00000000,00000002,00000003,00000000,00000000,00000000,00000001,?,?), ref: 008F4C51
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 008F4D59
                                                                                                                                                                                                                                                                                                                                                                        • CoCreateInstanceEx.OLE32(?,00000000,00000015,?,00000001,?), ref: 008F4DCF
                                                                                                                                                                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(?), ref: 008F4DDA
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: FreeFromProgTask$CreateInitializeInstanceSecurity_wcslenlstrcmpi
                                                                                                                                                                                                                                                                                                                                                                        • String ID: NULL Pointer assignment
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 614568839-2785691316
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: a9e7085ac80162df15942bffc22394fd1ad4ec73e288d4094d5d0e9c15967f31
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 50da55e659ec8df03727af33a943415222bc60d80862a9a0293244507b8ef8c3
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a9e7085ac80162df15942bffc22394fd1ad4ec73e288d4094d5d0e9c15967f31
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F291F571D0021DAFDF14DFA4C891AEEBBB8FF48314F10816AE919E7251EB349A448F61
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetMenu.USER32(?), ref: 00902183
                                                                                                                                                                                                                                                                                                                                                                        • GetMenuItemCount.USER32(00000000), ref: 009021B5
                                                                                                                                                                                                                                                                                                                                                                        • GetMenuStringW.USER32(00000000,00000000,?,00007FFF,00000400), ref: 009021DD
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 00902213
                                                                                                                                                                                                                                                                                                                                                                        • GetMenuItemID.USER32(?,?), ref: 0090224D
                                                                                                                                                                                                                                                                                                                                                                        • GetSubMenu.USER32(?,?), ref: 0090225B
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008D3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 008D3A57
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008D3A3D: GetCurrentThreadId.KERNEL32 ref: 008D3A5E
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008D3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008D25B3), ref: 008D3A65
                                                                                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000111,00000000,00000000), ref: 009022E3
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008DE97B: Sleep.KERNEL32 ref: 008DE9F3
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
Similarity
• API ID: Menu$Thread$Item$AttachCountCurrentInputMessagePostProcessSleepStringWindow_wcslen
APIs
• GetParent.USER32(?), ref: 008DAEF9
• GetKeyboardState.USER32(?), ref: 008DAF0E
• SetKeyboardState.USER32(?), ref: 008DAF6F
• PostMessageW.USER32(?,00000101,00000010,?), ref: 008DAF9D
• PostMessageW.USER32(?,00000101,00000011,?), ref: 008DAFBC
• PostMessageW.USER32(?,00000101,00000012,?), ref: 008DAFFD
• PostMessageW.USER32(?,00000101,0000005B,?), ref: 008DB020
Similarity
• API ID: MessagePost$KeyboardState$Parent
APIs
• GetParent.USER32(00000000), ref: 008DAD19
• GetKeyboardState.USER32(?), ref: 008DAD2E
• SetKeyboardState.USER32(?), ref: 008DAD8F
• PostMessageW.USER32(00000000,00000100,00000010,?), ref: 008DADBB
• PostMessageW.USER32(00000000,00000100,00000011,?), ref: 008DADD8
• PostMessageW.USER32(00000000,00000100,00000012,?), ref: 008DAE17
• PostMessageW.USER32(00000000,00000100,0000005B,?), ref: 008DAE38
Similarity
• API ID: MessagePost$KeyboardState$Parent
APIs
• GetConsoleCP.KERNEL32(008B3CD6,?,?,?,?,?,?,?,?,008A5BA3,?,?,008B3CD6,?,?), ref: 008A5470
• __fassign.LIBCMT ref: 008A54EB
• __fassign.LIBCMT ref: 008A5506
• WideCharToMultiByte.KERNEL32(?,00000000,?,00000001,008B3CD6,00000005,00000000,00000000), ref: 008A552C
• WriteFile.KERNEL32(?,008B3CD6,00000000,008A5BA3,00000000,?,?,?,?,?,?,?,?,?,008A5BA3,?), ref: 008A554B
• WriteFile.KERNEL32(?,?,00000001,008A5BA3,00000000,?,?,?,?,?,?,?,?,?,008A5BA3,?), ref: 008A5584
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: FileWrite__fassign$ByteCharConsoleMultiWide
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1324828854-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 6236e8eae3e99b411d54566ae277a28855db71d99294eca326a5351783496db1
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 13e3238ac1899dd97adf5697ba60b8bc0a903afbd6fa114d9eb8d38e854d1180
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6236e8eae3e99b411d54566ae277a28855db71d99294eca326a5351783496db1
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6451A5B1D046499FEB10CFA8D855AEEBBF9FF0A300F14415AFA55E7291D7309A81CB60
APIs
• _ValidateLocalCookies.LIBCMT ref: 00892D4B
• ___except_validate_context_record.LIBVCRUNTIME ref: 00892D53
• _ValidateLocalCookies.LIBCMT ref: 00892DE1
• __IsNonwritableInCurrentImage.LIBCMT ref: 00892E0C
• _ValidateLocalCookies.LIBCMT ref: 00892E61
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: CookiesLocalValidate$CurrentImageNonwritable___except_validate_context_record
• String ID: csm
• API String ID: 1170836740-1018135373
• Opcode ID: e97dc51be5290811dba5f67676f2b57fa42adbfe171f553c5ee05048729f1a8a
• Instruction ID: bac4ad87b4dfd8ac3f22ac4bed4865d01ded59d1d97241a645e984ef08f93670
• Opcode Fuzzy Hash: e97dc51be5290811dba5f67676f2b57fa42adbfe171f553c5ee05048729f1a8a
• Instruction Fuzzy Hash: 44419234A0120DABCF14FF68C885A9EBBB5FF45328F188165E814EB392D7319A55CBD1
APIs
  • Part of subcall function 008F304E: inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 008F307A
  • Part of subcall function 008F304E: _wcslen.LIBCMT ref: 008F309B
• socket.WSOCK32(00000002,00000001,00000006,?,?,00000000), ref: 008F1112
• WSAGetLastError.WSOCK32 ref: 008F1121
• WSAGetLastError.WSOCK32 ref: 008F11C9
• closesocket.WSOCK32(00000000), ref: 008F11F9
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: ErrorLast$_wcslenclosesocketinet_addrsocket
• String ID:
• API String ID: 2675159561-0
• Opcode ID: b8e09004cfe72efeb494150b0e9c39ea010cb2edec84ffa24f8b7934662b78db
• Instruction ID: 55d085a5a0beaa6205250b1e58db1a1794c524efbc4977a85138df60d19b8df4
• Opcode Fuzzy Hash: b8e09004cfe72efeb494150b0e9c39ea010cb2edec84ffa24f8b7934662b78db
• Instruction Fuzzy Hash: 4A41C271600208EFDB109F28C888BB9B7A9FF45328F148159FE19DB291C770ED81CBA1
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008DDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,008DCF22,?), ref: 008DDDFD
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008DDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,008DCF22,?), ref: 008DDE16
                                                                                                                                                                                                                                                                                                                                                                        • lstrcmpiW.KERNEL32(?,?), ref: 008DCF45
                                                                                                                                                                                                                                                                                                                                                                        • MoveFileW.KERNEL32(?,?), ref: 008DCF7F
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 008DD005
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 008DD01B
                                                                                                                                                                                                                                                                                                                                                                        • SHFileOperationW.SHELL32(?), ref: 008DD061
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: FileFullNamePath_wcslen$MoveOperationlstrcmpi
• String ID: \*.*
• API String ID: 3164238972-1173974218
APIs
• SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00902E1C
• GetWindowLongW.USER32(?,000000F0), ref: 00902E4F
• GetWindowLongW.USER32(?,000000F0), ref: 00902E84
• SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00902EB6
• SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00902EE0
• GetWindowLongW.USER32(?,000000F0), ref: 00902EF1
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00902F0B
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: LongWindow$MessageSend
• String ID:
• API String ID: 2178440468-0
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 008D7769
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 008D778F
• SysAllocString.OLEAUT32(00000000), ref: 008D7792
• SysAllocString.OLEAUT32(?), ref: 008D77B0
• SysFreeString.OLEAUT32(?), ref: 008D77B9
• StringFromGUID2.OLE32(?,?,00000028), ref: 008D77DE
• SysAllocString.OLEAUT32(?), ref: 008D77EC
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
APIs
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 008D7842
• MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000), ref: 008D7868
• SysAllocString.OLEAUT32(00000000), ref: 008D786B
• SysAllocString.OLEAUT32 ref: 008D788C
• SysFreeString.OLEAUT32 ref: 008D7895
• StringFromGUID2.OLE32(?,?,00000028), ref: 008D78AF
• SysAllocString.OLEAUT32(?), ref: 008D78BD
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: String$Alloc$ByteCharMultiWide$FreeFrom
• String ID:
• API String ID: 3761583154-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: c0bb92c9c3c3916e9d4d0fb7330642c1b8bc5a6ca79e055c250b116244f92bde
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: b7ba00616c8fa0d54efb7b0bc5e54f50eea13eae41b0117dc8053b18a074cc60
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c0bb92c9c3c3916e9d4d0fb7330642c1b8bc5a6ca79e055c250b116244f92bde
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FB214475608108AFDB10AFA8DC89DAA77ECFB097607108236F915CB2A1E674DC41DB68
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetStdHandle.KERNEL32(0000000C), ref: 008E04F2
                                                                                                                                                                                                                                                                                                                                                                        • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 008E052E
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                                                                        • String ID: nul
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 1aa3d50539942dda9ba1b1f47aa6f43a06e4341e0363e8d0150569a050d61c97
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 6a8b63666489e708f038dc0d72829a536f717531ad38ce8d0b063ce91767698c
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 1aa3d50539942dda9ba1b1f47aa6f43a06e4341e0363e8d0150569a050d61c97
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 88212AB5504345AFDB209F6ADC44A9A7BB4FF46724F604E19F8A1E62E0D7B0D980DF20
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetStdHandle.KERNEL32(000000F6), ref: 008E05C6
                                                                                                                                                                                                                                                                                                                                                                        • CreatePipe.KERNEL32(?,?,0000000C,00000000), ref: 008E0601
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CreateHandlePipe
                                                                                                                                                                                                                                                                                                                                                                        • String ID: nul
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1424370930-2873401336
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 79a7639a59d5b2bba985161c989f0b0139b74966b6218c7fc9ce9e31dcde3c87
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 1dab7e7a4616041ed4530fe269ecafaad6958effa0a3c9cb081be47917d0ff4e
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 79a7639a59d5b2bba985161c989f0b0139b74966b6218c7fc9ce9e31dcde3c87
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: FE215C755003459FDB209F6A9804A9A77A4FFA6724F240F19F8A1E62E0D6B098A0CF10
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 0087600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0087604C
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 0087600E: GetStockObject.GDI32(00000011), ref: 00876060
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 0087600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0087606A
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00002001,00000000,FF000000), ref: 00904112
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000409,00000000,FF000000), ref: 0090411F
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0090412A
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000401,00000000,00640000), ref: 00904139
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000404,00000001,00000000), ref: 00904145
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$CreateObjectStockWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID: Msctls_Progress32
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1025951953-3636473452
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: af272d942879459aa8d1b4729870456de73aeea43fb3cfd15a03f59c3c6b1123
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: c0e5522507e5fcfb3001a4a01263578d832c6398fb8a8373c5a555d40984e445
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: af272d942879459aa8d1b4729870456de73aeea43fb3cfd15a03f59c3c6b1123
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 871193B215011DBEEF218F64CC85EE77F6DEF18798F004110B718E2190CA729C61DBA4
APIs
  • Part of subcall function 008AD7A3: _free.LIBCMT ref: 008AD7CC
• _free.LIBCMT ref: 008AD82D
  • Part of subcall function 008A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008AD7D1,00000000,00000000,00000000,00000000,?,008AD7F8,00000000,00000007,00000000,?,008ADBF5,00000000), ref: 008A29DE
  • Part of subcall function 008A29C8: GetLastError.KERNEL32(00000000,?,008AD7D1,00000000,00000000,00000000,00000000,?,008AD7F8,00000000,00000007,00000000,?,008ADBF5,00000000,00000000), ref: 008A29F0
• _free.LIBCMT ref: 008AD838
• _free.LIBCMT ref: 008AD843
• _free.LIBCMT ref: 008AD897
• _free.LIBCMT ref: 008AD8A2
• _free.LIBCMT ref: 008AD8AD
• _free.LIBCMT ref: 008AD8B8
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
APIs
• GetModuleHandleW.KERNEL32(00000000,?,?,00000100,00000000), ref: 008DDA74
• LoadStringW.USER32(00000000), ref: 008DDA7B
• GetModuleHandleW.KERNEL32(00000000,00001389,?,00000100), ref: 008DDA91
• LoadStringW.USER32(00000000), ref: 008DDA98
• MessageBoxW.USER32(00000000,?,?,00011010), ref: 008DDADC
Strings
• %s (%d) : ==> %s: %s %s, xrefs: 008DDAB9
Similarity
• API ID: HandleLoadModuleString$Message
• String ID: %s (%d) : ==> %s: %s %s
• API String ID: 4072794657-3128320259
APIs
• InterlockedExchange.KERNEL32(00BAE7E8,00BAE7E8), ref: 008E097B
• EnterCriticalSection.KERNEL32(00BAE7C8,00000000), ref: 008E098D
• TerminateThread.KERNEL32(?,000001F6), ref: 008E099B
• WaitForSingleObject.KERNEL32(?,000003E8), ref: 008E09A9
• CloseHandle.KERNEL32(?), ref: 008E09B8
• InterlockedExchange.KERNEL32(00BAE7E8,000001F6), ref: 008E09C8
• LeaveCriticalSection.KERNEL32(00BAE7C8), ref: 008E09CF
Similarity
• API ID: CriticalExchangeInterlockedSection$CloseEnterHandleLeaveObjectSingleTerminateThreadWait
• String ID:
• API String ID: 3495660284-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 008F1DC0
                                                                                                                                                                                                                                                                                                                                                                        • #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 008F1DE1
                                                                                                                                                                                                                                                                                                                                                                        • WSAGetLastError.WSOCK32 ref: 008F1DF2
                                                                                                                                                                                                                                                                                                                                                                        • htons.WSOCK32(?,?,?,?,?), ref: 008F1EDB
                                                                                                                                                                                                                                                                                                                                                                        • inet_ntoa.WSOCK32(?), ref: 008F1E8C
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008D39E8: _strlen.LIBCMT ref: 008D39F2
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008F3224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,008EEC0C), ref: 008F3240
                                                                                                                                                                                                                                                                                                                                                                        • _strlen.LIBCMT ref: 008F1F35
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3203458085-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 9e1bb3ebcd951387538f2ab52ae1fdbd341bd15bee9e16eeb3e8b201d82e8771
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: a29c59cea261a04695d3ba0e26654b804347172de0ffcad396fa8f81f82b14b6
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9e1bb3ebcd951387538f2ab52ae1fdbd341bd15bee9e16eeb3e8b201d82e8771
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A9B1BE30204344AFC724EF28C889E3A7BA5FF85318F54855CF55A9B2A2DB31ED45CB92
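The function entry above is the one worth a second look when triaging this report: it tests a socket with __WSAFDIsSet, reads with the ordinal-17 import of WSOCK32 (ordinal 17 in the standard WSOCK32/WS2_32 export table is recvfrom, consistent with the six-argument call and the 0x10-byte sockaddr length), then converts the peer address with htons and inet_ntoa. Joe Sandbox prints ordinal imports as `#N`, so a reader has to resolve them by hand. The following script is an added example, not Joe Sandbox tooling: it parses "APIs" entries in the format shown on this page, resolves Winsock ordinals, and tags each function by the kind of module it calls. The triage buckets in DLL_CATEGORY are my own assumption, and using the lowest direct call site as the function identifier is a heuristic because the listing does not print the function start address. The sample listing is the two entries quoted from this page.

```python
"""Triage a Joe Sandbox 'APIs' listing (added example, not Joe Sandbox code):
group calls per function entry, resolve WSOCK32 '#N' imports, tag by module."""
import re
from dataclasses import dataclass, field
from typing import Optional

# Standard WSOCK32.DLL / WS2_32.DLL export ordinals (both DLLs share 1..23).
WSOCK32_ORDINALS = {
    1: "accept", 2: "bind", 3: "closesocket", 4: "connect", 5: "getpeername",
    6: "getsockname", 7: "getsockopt", 8: "htonl", 9: "htons", 10: "inet_addr",
    11: "inet_ntoa", 12: "ioctlsocket", 13: "listen", 14: "ntohl", 15: "ntohs",
    16: "recv", 17: "recvfrom", 18: "select", 19: "send", 20: "sendto",
    21: "setsockopt", 22: "shutdown", 23: "socket",
}

# Assumed triage buckets, keyed by module name as Joe Sandbox prints it.
DLL_CATEGORY = {"WSOCK32": "network", "WS2_32": "network", "WININET": "network",
                "USER32": "gui", "KERNEL32": "system", "NTDLL": "system",
                "LIBCMT": "crt"}

# One API line: optional "Part of subcall function XXXXXXXX:" prefix,
# then name.DLL, optional (args), then "ref: XXXXXXXX".
API_LINE = re.compile(
    r"^•\s*(?:Part of subcall function\s+(?P<sub>[0-9A-F]{8}):\s*)?"
    r"(?P<name>[^.\s]+)\.(?P<dll>[A-Z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})$")

@dataclass
class ApiCall:
    name: str
    dll: str
    ref: int
    args: tuple
    subcall_of: Optional[int] = None

    @property
    def resolved(self) -> str:
        """Map a '#N' ordinal import from the Winsock DLLs to its export name."""
        if self.name.startswith("#") and self.dll in ("WSOCK32", "WS2_32"):
            return WSOCK32_ORDINALS.get(int(self.name[1:]), self.name)
        return self.name

@dataclass
class FunctionBlock:
    calls: list = field(default_factory=list)
    api_id: str = ""

    @property
    def entry_ref(self) -> int:
        """Lowest direct call site (heuristic: the listing omits the function start)."""
        return min(c.ref for c in self.calls if c.subcall_of is None)

    def categories(self) -> set:
        return {DLL_CATEGORY.get(c.dll, "other") for c in self.calls}

def parse_blocks(text: str) -> list:
    blocks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":                     # every function entry starts here
            current = FunctionBlock()
            blocks.append(current)
        elif current is not None and (m := API_LINE.match(line)):
            args = tuple(a.strip() for a in (m.group("args") or "").split(",") if a.strip())
            sub = int(m.group("sub"), 16) if m.group("sub") else None
            current.calls.append(ApiCall(m.group("name"), m.group("dll"),
                                         int(m.group("ref"), 16), args, sub))
        elif current is not None and line.startswith("• API ID:"):
            current.api_id = line.split(":", 1)[1].strip()   # from the Similarity section
    return blocks

def summarize(text: str) -> list:
    return [{"entry": f"{b.entry_ref:08X}", "apis": [c.resolved for c in b.calls],
             "categories": sorted(b.categories()), "api_id": b.api_id}
            for b in parse_blocks(text)]

# Constructed excerpt: the two function entries quoted from the report above.
SAMPLE_LISTING = """
APIs
• __WSAFDIsSet.WSOCK32(00000000,?,00000000,00000000,?,00000064,00000000), ref: 008F1DC0
• #17.WSOCK32(00000000,?,?,00000000,?,00000010), ref: 008F1DE1
• WSAGetLastError.WSOCK32 ref: 008F1DF2
• htons.WSOCK32(?,?,?,?,?), ref: 008F1EDB
• inet_ntoa.WSOCK32(?), ref: 008F1E8C
  • Part of subcall function 008D39E8: _strlen.LIBCMT ref: 008D39F2
  • Part of subcall function 008F3224: MultiByteToWideChar.KERNEL32(00000000,00000001,?,?,00000000,00000000,00000000,?,?,?,?,008EEC0C), ref: 008F3240
• _strlen.LIBCMT ref: 008F1F35
Similarity
• API ID: _strlen$ByteCharErrorLastMultiWidehtonsinet_ntoa
APIs
• GetClientRect.USER32(?,?), ref: 00875D30
• GetWindowRect.USER32(?,?), ref: 00875D71
• ScreenToClient.USER32(?,?), ref: 00875D99
• GetClientRect.USER32(?,?), ref: 00875ED7
• GetWindowRect.USER32(?,?), ref: 00875EF8
Similarity
• API ID: Rect$Client$Window$Screen
"""

if __name__ == "__main__":
    for entry in summarize(SAMPLE_LISTING):
        print(entry["entry"], entry["categories"], ", ".join(entry["apis"]))
```

Run against a whole report, the network-tagged entries are the ones to open in the dump first; here the first entry resolves to a select/recvfrom receive path at 008F1DC0, while the second is plain window geometry code.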
APIs
• GetClientRect.USER32(?,?), ref: 00875D30
• GetWindowRect.USER32(?,?), ref: 00875D71
• ScreenToClient.USER32(?,?), ref: 00875D99
• GetClientRect.USER32(?,?), ref: 00875ED7
• GetWindowRect.USER32(?,?), ref: 00875EF8
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Rect$Client$Window$Screen
• String ID:
• API String ID: 1296646539-0
• Opcode ID: c6e8c3d19612f7f43743bf243e4512faf4681093fa1b6a568845d11fe6a1cca0
• Instruction ID: fc1f42a078a210cd0f8c29d9d19cc5d4ef523d6e6d17c2e2f26901730813448b
• Opcode Fuzzy Hash: c6e8c3d19612f7f43743bf243e4512faf4681093fa1b6a568845d11fe6a1cca0
• Instruction Fuzzy Hash: F0B17735A00A4ADBDB10CFA9C4817EEBBF1FF58310F14951AE8AAD7254DB30EA40DB50
APIs
• __allrem.LIBCMT ref: 008A00BA
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008A00D6
• __allrem.LIBCMT ref: 008A00ED
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008A010B
• __allrem.LIBCMT ref: 008A0122
• __ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z.LIBCMT ref: 008A0140
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Unothrow_t@std@@@__allrem__ehfuncinfo$??2@
• String ID:
• API String ID: 1992179935-0
• Opcode ID: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
• Instruction ID: 84c86851604e99395b9e4c84146bed8f3c6d867898e153ec4ab569d0ef3fa8e4
• Opcode Fuzzy Hash: 8fbb49ba762f8ece8e29681380aa111ddf72d6c7443a1a5a7b6c612577c50f6c
• Instruction Fuzzy Hash: B881C771A00B069BFB24AF6CCC41BAA73E9FF52764F244539F551D7A82EB70D9008B51
APIs
• MultiByteToWideChar.KERNEL32(00000001,00000000,?,?,00000000,00000000,?,008982D9,008982D9,?,?,?,008A644F,00000001,00000001,8BE85006), ref: 008A6258
• MultiByteToWideChar.KERNEL32(00000001,00000001,?,?,00000000,?,?,?,?,008A644F,00000001,00000001,8BE85006,?,?,?), ref: 008A62DE
• WideCharToMultiByte.KERNEL32(00000001,00000000,00000000,00000000,?,8BE85006,00000000,00000000,?,00000400,00000000,?,00000000,00000000,00000000,00000000), ref: 008A63D8
• __freea.LIBCMT ref: 008A63E5
  • Part of subcall function 008A3820: RtlAllocateHeap.NTDLL(00000000,?,00941444,?,0088FDF5,?,?,0087A976,00000010,00941440,008713FC,?,008713C6,?,00871129), ref: 008A3852
                                                                                                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 008A63EE
                                                                                                                                                                                                                                                                                                                                                                        • __freea.LIBCMT ref: 008A6413
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide__freea$AllocateHeap
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1414292761-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 4618e9ab21a01c98c7d5d3c3fd043daa8c22a3f5a524166dbfccdf22a6bb918d
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 8e0184c18aac29f6034b715578b403f23f0b5e08e86cb3b124edaf0e481916e9
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4618e9ab21a01c98c7d5d3c3fd043daa8c22a3f5a524166dbfccdf22a6bb918d
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F351BF72A00216AFFF258F64CC81EAF76A9FF46710F184629F905D6644FB34DC61D660
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00879CB3: _wcslen.LIBCMT ref: 00879CBD
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008FC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,008FB6AE,?,?), ref: 008FC9B5
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008FC998: _wcslen.LIBCMT ref: 008FC9F1
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008FC998: _wcslen.LIBCMT ref: 008FCA68
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008FC998: _wcslen.LIBCMT ref: 008FCA9E
                                                                                                                                                                                                                                                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 008FBCCA
                                                                                                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 008FBD25
                                                                                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 008FBD6A
                                                                                                                                                                                                                                                                                                                                                                        • RegEnumValueW.ADVAPI32(?,-00000001,?,?,00000000,?,00000000,00000000), ref: 008FBD99
                                                                                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?,00000000), ref: 008FBDF3
                                                                                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?), ref: 008FBDFF
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpperValue
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1120388591-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 98bd8aa3447c20d2590681e77579139f9aaa5c2ecac6c5b4a5291d31ee91a3f0
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 5b32e6fecfdb354c92928161f8dd02950433e9a13ceaaa103d604e5e93e4a4f4
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 98bd8aa3447c20d2590681e77579139f9aaa5c2ecac6c5b4a5291d31ee91a3f0
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3981A270108245EFD714DF24C881E2ABBE5FF84348F14855CF6598B2A2DB31ED45CB92
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(00000035), ref: 008CF7B9
                                                                                                                                                                                                                                                                                                                                                                        • SysAllocString.OLEAUT32(00000001), ref: 008CF860
                                                                                                                                                                                                                                                                                                                                                                        • VariantCopy.OLEAUT32(008CFA64,00000000), ref: 008CF889
                                                                                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(008CFA64), ref: 008CF8AD
                                                                                                                                                                                                                                                                                                                                                                        • VariantCopy.OLEAUT32(008CFA64,00000000), ref: 008CF8B1
                                                                                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 008CF8BB
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
• API ID: Variant$ClearCopy$AllocInitString
• String ID:
• API String ID: 3859894641-0
• Opcode ID: f8ae28edcffaacd7202ed3567f722b7c2e330ba3228027dbbf17e564ec45bc6f
• Instruction ID: 54a6303aa16fce4236f0b5a469085f8814300afcc8c8aadcf26f7831b8f471e9
• Opcode Fuzzy Hash: f8ae28edcffaacd7202ed3567f722b7c2e330ba3228027dbbf17e564ec45bc6f
• Instruction Fuzzy Hash: 1E51E331600314ABEF24AB69D895F29B7B6FF45314B20846AEA05DF297DB70CC44C757
APIs
  • Part of subcall function 00877620: _wcslen.LIBCMT ref: 00877625
  • Part of subcall function 00876B57: _wcslen.LIBCMT ref: 00876B6A
• GetOpenFileNameW.COMDLG32(00000058), ref: 008E94E5
• _wcslen.LIBCMT ref: 008E9506
• _wcslen.LIBCMT ref: 008E952D
• GetSaveFileNameW.COMDLG32(00000058), ref: 008E9585
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: _wcslen$FileName$OpenSave
• String ID: X
• API String ID: 83654149-3081909835
• Opcode ID: bd4064a84eb6ac09a26d68720294e51314970384801b90df9e0af227df0b64c1
• Instruction ID: 7a4524502062b0033b4fe9006c21efc2fb0f4d4f150e9708995f474a6e340f6c
• Opcode Fuzzy Hash: bd4064a84eb6ac09a26d68720294e51314970384801b90df9e0af227df0b64c1
• Instruction Fuzzy Hash: E5E1AF315083409FD724EF29C881A6AB7E0FF86314F14896DF899DB2A2DB71DD45CB92
APIs
  • Part of subcall function 00889BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00889BB2
• BeginPaint.USER32(?,?,?), ref: 00889241
• GetWindowRect.USER32(?,?), ref: 008892A5
• ScreenToClient.USER32(?,?), ref: 008892C2
• SetViewportOrgEx.GDI32(00000000,?,?,00000000), ref: 008892D3
• EndPaint.USER32(?,?,?,?,?), ref: 00889321
• Rectangle.GDI32(00000000,00000000,00000000,?,?), ref: 008C71EA
  • Part of subcall function 00889339: BeginPath.GDI32(00000000), ref: 00889357
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: BeginPaintWindow$ClientLongPathRectRectangleScreenViewport
• String ID:
• API String ID: 3050599898-0
• Opcode ID: 546c90569972ea1dd072e4ff79b5c782b919940b62cacf8086fe07ae28e611a8
• Instruction ID: 84d55b1b8ee8abcd8fafa5b857bc3a1cdfa8b7dab8bfb7bad58b0ce411c15af9
• Opcode Fuzzy Hash: 546c90569972ea1dd072e4ff79b5c782b919940b62cacf8086fe07ae28e611a8
• Instruction Fuzzy Hash: A2419D70108201AFD721EF64DC84FBA7BB8FB56324F180269F9A5C72E1C7719845EB62
APIs
• InterlockedExchange.KERNEL32(?,000001F5), ref: 008E080C
• ReadFile.KERNEL32(?,?,0000FFFF,?,00000000), ref: 008E0847
• EnterCriticalSection.KERNEL32(?), ref: 008E0863
• LeaveCriticalSection.KERNEL32(?), ref: 008E08DC
• ReadFile.KERNEL32(?,?,0000FFFF,00000000,00000000), ref: 008E08F3
• InterlockedExchange.KERNEL32(?,000001F6), ref: 008E0921
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: CriticalExchangeFileInterlockedReadSection$EnterLeave
• String ID:
• API String ID: 3368777196-0
• Opcode ID: ffa49971e9182e418848c01970dda1c3f35ed6135b36f867f428ff797f015d87
• Instruction ID: 8e8e191644a4039e8168b7a837e55030a4ccb282ac60318addcdee9ebcb89342
• Opcode Fuzzy Hash: ffa49971e9182e418848c01970dda1c3f35ed6135b36f867f428ff797f015d87
• Instruction Fuzzy Hash: 5C415671900205EFDF14AF58DC85AAA77B8FF45300B1444A5E900DE297DB70DEA1DFA1
APIs
• ShowWindow.USER32(FFFFFFFF,00000000,?,00000000,00000000,?,008CF3AB,00000000,?,?,00000000,?,008C682C,00000004,00000000,00000000), ref: 0090824C
• EnableWindow.USER32(?,00000000), ref: 00908272
• ShowWindow.USER32(FFFFFFFF,00000000), ref: 009082D1
                                                                                                                                                                                                                                                                                                                                                                        • ShowWindow.USER32(?,00000004), ref: 009082E5
                                                                                                                                                                                                                                                                                                                                                                        • EnableWindow.USER32(?,00000001), ref: 0090830B
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000130C,00000000,00000000), ref: 0090832F
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$Show$Enable$MessageSend
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 642888154-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 90a34274ae268553621eabaacd7fe4dd05f99e4029af535899273648ef939ac8
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: c48d14c2e69fa968cde2e170dae8d0046e5317c0745189575e058df4a5d593f3
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 90a34274ae268553621eabaacd7fe4dd05f99e4029af535899273648ef939ac8
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0241D534705644EFDF25CF18D899FE57BE4FB4A754F180268E6984B2E2CB31A881DB40
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • IsWindowVisible.USER32(?), ref: 008D4C95
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 008D4CB2
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000000D,00000001,00000000), ref: 008D4CEA
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 008D4D08
                                                                                                                                                                                                                                                                                                                                                                        • CharUpperBuffW.USER32(00000000,00000000,?,?,?,?), ref: 008D4D10
                                                                                                                                                                                                                                                                                                                                                                        • _wcsstr.LIBVCRUNTIME ref: 008D4D1A
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$BuffCharUpperVisibleWindow_wcslen_wcsstr
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 72514467-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 6560a4cc787a209ffff16b43332adb47b10e9dd66ea8f50df1ff288979f8bdd8
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 9fe091df673739a74e4176e64679b55707ff8d8f188ac3ac981b553f193376ce
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6560a4cc787a209ffff16b43332adb47b10e9dd66ea8f50df1ff288979f8bdd8
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AE214972204205BFEB256B39DC09E3B7B9DFF45710F10522AF805CA292DE71CC0193A0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00873AA2: GetFullPathNameW.KERNEL32(?,00007FFF,?,00000000,?,?,00873A97,?,?,00872E7F,?,?,?,00000000), ref: 00873AC2
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 008E587B
                                                                                                                                                                                                                                                                                                                                                                        • CoInitialize.OLE32(00000000), ref: 008E5995
                                                                                                                                                                                                                                                                                                                                                                        • CoCreateInstance.OLE32(0090FCF8,00000000,00000001,0090FB68,?), ref: 008E59AE
                                                                                                                                                                                                                                                                                                                                                                        • CoUninitialize.OLE32 ref: 008E59CC
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CreateFullInitializeInstanceNamePathUninitialize_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: .lnk
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3172280962-24824748
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: e5d5d674b2731cbd29712bf848068e7f0f75c62455678a09ccbea8266c60b42f
• Instruction ID: 2e8130565f778e3e18cbd65aaef581c182e74550533f3b5093e2f072c9e37c14
• Opcode Fuzzy Hash: e5d5d674b2731cbd29712bf848068e7f0f75c62455678a09ccbea8266c60b42f
• Instruction Fuzzy Hash: FFD155716086019FC714EF29C48096ABBE1FF8A728F14885DF889DB361DB31ED45CB92
APIs
  • Part of subcall function 008D0FB4: GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 008D0FCA
  • Part of subcall function 008D0FB4: GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 008D0FD6
  • Part of subcall function 008D0FB4: GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 008D0FE5
  • Part of subcall function 008D0FB4: HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 008D0FEC
  • Part of subcall function 008D0FB4: GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 008D1002
• GetLengthSid.ADVAPI32(?,00000000,008D1335), ref: 008D17AE
• GetProcessHeap.KERNEL32(00000008,00000000), ref: 008D17BA
• HeapAlloc.KERNEL32(00000000), ref: 008D17C1
• CopySid.ADVAPI32(00000000,00000000,?), ref: 008D17DA
• GetProcessHeap.KERNEL32(00000000,00000000,008D1335), ref: 008D17EE
• HeapFree.KERNEL32(00000000), ref: 008D17F5
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Heap$Process$AllocInformationToken$CopyErrorFreeLastLength
• String ID:
• API String ID: 3008561057-0
• Opcode ID: f7da7c36161eedd77331d84b46e088c18bbf9b7f02764cd27fdf26019b73da19
• Instruction ID: 896b1f691a5cdd06d1ebd03367be58a68db2af1b5b58babd11b59318c8babbae
• Opcode Fuzzy Hash: f7da7c36161eedd77331d84b46e088c18bbf9b7f02764cd27fdf26019b73da19
• Instruction Fuzzy Hash: D3118971618205FFDF109FA4CC49BAE7BB9FF45355F10421AE441D7224C735A940DB60
APIs
• GetCurrentProcess.KERNEL32(0000000A,00000004), ref: 008D14FF
• OpenProcessToken.ADVAPI32(00000000), ref: 008D1506
• CreateEnvironmentBlock.USERENV(?,00000004,00000001), ref: 008D1515
• CloseHandle.KERNEL32(00000004), ref: 008D1520
• CreateProcessWithLogonW.ADVAPI32(?,?,?,00000000,00000000,?,?,00000000,?,?,?), ref: 008D154F
• DestroyEnvironmentBlock.USERENV(00000000), ref: 008D1563
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Process$BlockCreateEnvironment$CloseCurrentDestroyHandleLogonOpenTokenWith
• String ID:
• API String ID: 1413079979-0
• Opcode ID: 7e17b18dc04177b0449ee62765863fce3be87213accc1d3caa8a9d2de034b8e3
• Instruction ID: e3bae644f5088553ede57ab9f52d91c22db61d8846041172b8a87f4bbb7a9049
• Opcode Fuzzy Hash: 7e17b18dc04177b0449ee62765863fce3be87213accc1d3caa8a9d2de034b8e3
• Instruction Fuzzy Hash: F41117B2514209BFDF118F98ED49BDA7BBAFF48744F048215FA05E21A0C3758E60EB60
APIs
• GetLastError.KERNEL32(?,?,00893379,00892FE5), ref: 00893390
• ___vcrt_FlsGetValue.LIBVCRUNTIME ref: 0089339E
• ___vcrt_FlsSetValue.LIBVCRUNTIME ref: 008933B7
• SetLastError.KERNEL32(00000000,?,00893379,00892FE5), ref: 00893409
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: ErrorLastValue___vcrt_
• String ID:
• API String ID: 3852720340-0
• Opcode ID: 6da13c6f64f5252fbcbe90772b4966021a0c4c152ac1b654090b9267ef45ca6e
• Instruction ID: d3c4f591ef4e5afb9ec2dd8a93600e1263790e4f585a304314de836c9bbad6fb
• Opcode Fuzzy Hash: 6da13c6f64f5252fbcbe90772b4966021a0c4c152ac1b654090b9267ef45ca6e
• Instruction Fuzzy Hash: 2301247222D711BEEF2937787C859272A94FB253793280329F411D02F0EF114D027A45
APIs
• GetLastError.KERNEL32(?,?,008A5686,008B3CD6,?,00000000,?,008A5B6A,?,?,?,?,?,0089E6D1,?,00938A48), ref: 008A2D78
• _free.LIBCMT ref: 008A2DAB
• _free.LIBCMT ref: 008A2DD3
• SetLastError.KERNEL32(00000000,?,?,?,?,0089E6D1,?,00938A48,00000010,00874F4A,?,?,00000000,008B3CD6), ref: 008A2DE0
• SetLastError.KERNEL32(00000000,?,?,?,?,0089E6D1,?,00938A48,00000010,00874F4A,?,?,00000000,008B3CD6), ref: 008A2DEC
• _abort.LIBCMT ref: 008A2DF2
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$_free$_abort
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3160817290-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 59a2c7de08474568023d62c5bf69c63b4b173db8ddcaca1ed642008277967b75
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 6d1aeafa1d128bb22b99ed211cf50fbecaa7921e29c11756e192f61b1094e82b
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 59a2c7de08474568023d62c5bf69c63b4b173db8ddcaca1ed642008277967b75
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6CF0A471519A046BF632277DBC06F1B265AFFC37A5F250618F924D29D3FF2488016162
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00889639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00889693
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00889639: SelectObject.GDI32(?,00000000), ref: 008896A2
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00889639: BeginPath.GDI32(?), ref: 008896B9
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00889639: SelectObject.GDI32(?,00000000), ref: 008896E2
                                                                                                                                                                                                                                                                                                                                                                        • MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00908A4E
                                                                                                                                                                                                                                                                                                                                                                        • LineTo.GDI32(?,00000003,00000000), ref: 00908A62
                                                                                                                                                                                                                                                                                                                                                                        • MoveToEx.GDI32(?,00000000,-00000002,00000000), ref: 00908A70
                                                                                                                                                                                                                                                                                                                                                                        • LineTo.GDI32(?,00000000,00000003), ref: 00908A80
                                                                                                                                                                                                                                                                                                                                                                        • EndPath.GDI32(?), ref: 00908A90
                                                                                                                                                                                                                                                                                                                                                                        • StrokePath.GDI32(?), ref: 00908AA0
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Path$LineMoveObjectSelect$BeginCreateStroke
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 43455801-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: c52179808d3e8d5ce7b2d0af0d1dda1eabb6853d20da47c925b8de0fea96d4ac
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 6d3fcacdbf73ec63a08929bc960804cb3bcbc165214bb6a5917fdabc9305cf73
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c52179808d3e8d5ce7b2d0af0d1dda1eabb6853d20da47c925b8de0fea96d4ac
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: E5110976104109FFEF129F94DC88EAA7F6CEB08390F048112FA599A1A1C7719D55EBA0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetDC.USER32(00000000), ref: 008D5218
                                                                                                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,00000058), ref: 008D5229
                                                                                                                                                                                                                                                                                                                                                                        • GetDeviceCaps.GDI32(00000000,0000005A), ref: 008D5230
                                                                                                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(00000000,00000000), ref: 008D5238
                                                                                                                                                                                                                                                                                                                                                                        • MulDiv.KERNEL32(000009EC,?,00000000), ref: 008D524F
                                                                                                                                                                                                                                                                                                                                                                        • MulDiv.KERNEL32(000009EC,00000001,?), ref: 008D5261
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CapsDevice$Release
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1035833867-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 14efb63202febf19b0cf66d552ff2bda5a8b53d903c2ceea2c921fdc132bef5c
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: ff5f9126e48bb23d0f5af5173952fdcfb17a0035947bad2073a1a14dea619cf3
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 14efb63202febf19b0cf66d552ff2bda5a8b53d903c2ceea2c921fdc132bef5c
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 99014FB5A04719BFEB109BA59C49F5EBFB8FB48751F044166FA04E7281DA709804DFA0
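The per-function "APIs" blocks above are the part of this report that a detection engineer usually wants in machine-readable form: which Win32 APIs each recovered function calls, with what constant arguments, at which call-site address, and under which Opcode ID (so hits can be pivoted to the similarity hashes). The following parser is an added example, not code from Joe Sandbox or from the analysed sample. Its line grammar (Api.MODULE(hex args), ref: address, with an optional "Part of subcall function" prefix) is my own reading of the blocks on this page and is an assumption, not a documented format. The sample text is copied from the report lines above, with the last block deliberately cut short the way the excerpt on this page cuts off a block.

```python
"""Parser for the per-function "APIs" trace lines in a Joe Sandbox report.

Added example; not code from Joe Sandbox or from the analysed sample. The
line grammar below is an assumption derived from the blocks on this page.
"""
import re
from collections import Counter
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

CALL_RE = re.compile(
    r"^\s*(?:•\s*)?"
    r"(?:Part of subcall function (?P<subfn>[0-9A-Fa-f]{8}):\s*)?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Za-z0-9_]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})\s*$"
)
# Metadata lines kept per block; "API String ID" and "Opcode Fuzzy Hash" do not match.
FIELD_RE = re.compile(r"^\s*(?:•\s*)?(?P<key>API ID|Opcode ID|Source File):\s*(?P<val>.*?)\s*$")
FIELD_ATTR = {"API ID": "api_id", "Opcode ID": "opcode_id", "Source File": "source_file"}


@dataclass
class Call:
    api: str
    module: str
    args: List[Optional[int]]          # None where the report printed '?'
    ref: int                           # address of the call site
    subcall_of: Optional[int] = None   # set for "Part of subcall function" lines


@dataclass
class FunctionBlock:
    calls: List[Call] = field(default_factory=list)
    api_id: Optional[str] = None
    opcode_id: Optional[str] = None
    source_file: Optional[str] = None


def parse_arg(tok: str) -> Optional[int]:
    tok = tok.strip()
    if tok in ("", "?"):
        return None
    return int(tok, 16)               # also handles signed values such as -00000002


def parse_call(line: str) -> Optional[Call]:
    m = CALL_RE.match(line)
    if not m:
        return None
    args = [parse_arg(t) for t in m["args"].split(",")] if m["args"] else []
    sub = int(m["subfn"], 16) if m["subfn"] else None
    return Call(m["api"], m["module"], args, int(m["ref"], 16), sub)


def parse_report(text: str) -> List[FunctionBlock]:
    """Split report text into function blocks; each block starts at an 'APIs' line.

    A block cut off at the end of the text (no Similarity metadata yet) is
    still returned, with its metadata fields left as None.
    """
    blocks: List[FunctionBlock] = []
    cur: Optional[FunctionBlock] = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = FunctionBlock()
            blocks.append(cur)
            continue
        if cur is None:
            continue
        call = parse_call(line)
        if call is not None:
            cur.calls.append(call)
            continue
        f = FIELD_RE.match(line)
        if f:
            setattr(cur, FIELD_ATTR[f["key"]], f["val"])
    return blocks


def api_histogram(blocks: List[FunctionBlock]) -> Counter:
    return Counter(c.api for b in blocks for c in b.calls)


def callers_of(blocks: List[FunctionBlock], api: str) -> List[Tuple[Optional[str], int]]:
    """(opcode_id, call-site address) for every call to `api`, subcalls included."""
    return [(b.opcode_id, c.ref) for b in blocks for c in b.calls if c.api == api]


# Sample input copied from the function blocks on this page; the third block is
# cut short on purpose to exercise the unterminated-block path.
SAMPLE = """\
APIs
• GetLastError.KERNEL32(?,?,008A5686,008B3CD6,?,00000000,?,008A5B6A,?,?,?,?,?,0089E6D1,?,00938A48), ref: 008A2D78
• _free.LIBCMT ref: 008A2DAB
• _free.LIBCMT ref: 008A2DD3
• SetLastError.KERNEL32(00000000,?,?,?,?,0089E6D1,?,00938A48,00000010,00874F4A,?,?,00000000,008B3CD6), ref: 008A2DE0
• SetLastError.KERNEL32(00000000,?,?,?,?,0089E6D1,?,00938A48,00000010,00874F4A,?,?,00000000,008B3CD6), ref: 008A2DEC
• _abort.LIBCMT ref: 008A2DF2
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
Similarity
• API ID: ErrorLast$_free$_abort
• API String ID: 3160817290-0
• Opcode ID: 59a2c7de08474568023d62c5bf69c63b4b173db8ddcaca1ed642008277967b75
APIs
  • Part of subcall function 00889639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00889693
  • Part of subcall function 00889639: SelectObject.GDI32(?,00000000), ref: 008896A2
• MoveToEx.GDI32(?,-00000002,00000000,00000000), ref: 00908A4E
• LineTo.GDI32(?,00000003,00000000), ref: 00908A62
• StrokePath.GDI32(?), ref: 00908AA0
Similarity
• API ID: Path$LineMoveObjectSelect$BeginCreateStroke
• Opcode ID: c52179808d3e8d5ce7b2d0af0d1dda1eabb6853d20da47c925b8de0fea96d4ac
APIs
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00871BF4
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00871BFC
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 00871C07
"""

if __name__ == "__main__":
    for b in parse_report(SAMPLE):
        print(b.opcode_id, [c.api for c in b.calls])
```

Running it on a full report export gives a histogram of imported behaviour per recovered function and lets a call such as MapVirtualKeyW or SetLastError be traced back to the Opcode ID of the function that makes it; argument values marked "?" in the report are kept as None rather than guessed.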
APIs
• MapVirtualKeyW.USER32(0000005B,00000000), ref: 00871BF4
• MapVirtualKeyW.USER32(00000010,00000000), ref: 00871BFC
• MapVirtualKeyW.USER32(000000A0,00000000), ref: 00871C07
• MapVirtualKeyW.USER32(000000A1,00000000), ref: 00871C12
• MapVirtualKeyW.USER32(00000011,00000000), ref: 00871C1A
                                                                                                                                                                                                                                                                                                                                                                        • MapVirtualKeyW.USER32(00000012,00000000), ref: 00871C22
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Virtual
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4278518827-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: c4b6f13375f9ff4c3ffbc1af26b9229e8ffdad016280eed70d110b1024670be4
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 570fd1afc261f3e1153463b832deee2c304fd438f33f6f6741e4a6a76d5252c1
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c4b6f13375f9ff4c3ffbc1af26b9229e8ffdad016280eed70d110b1024670be4
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DB016CB090275A7DE3008F5A8C85B52FFE8FF19354F00411B915C47941C7F5A864CBE5
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(?,00000010,00000000,00000000), ref: 008DEB30
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageTimeoutW.USER32(?,00000010,00000000,00000000,00000002,000001F4,?), ref: 008DEB46
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowThreadProcessId.USER32(?,?), ref: 008DEB55
                                                                                                                                                                                                                                                                                                                                                                        • OpenProcess.KERNEL32(001F0FFF,00000000,?,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 008DEB64
                                                                                                                                                                                                                                                                                                                                                                        • TerminateProcess.KERNEL32(00000000,00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 008DEB6E
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,00000010,00000000,00000000,00000002,000001F4,?,?,00000010,00000000,00000000), ref: 008DEB75
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Process$Message$CloseHandleOpenPostSendTerminateThreadTimeoutWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 839392675-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 09934cc318158c6b761a01dde02bad44e38e0ca3d4adda61fc1c22d2e26b23d6
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 71d261b0b032f6963daae335ed9864ebb9776a947ae53df5273b1154155fd8ad
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 09934cc318158c6b761a01dde02bad44e38e0ca3d4adda61fc1c22d2e26b23d6
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F5F09AB2214119BFE7205B629C0EEEF3A7CEFCAF11F000259F601E1090D7A11A01EAB4
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetClientRect.USER32(?), ref: 008C7452
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001328,00000000,?), ref: 008C7469
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowDC.USER32(?), ref: 008C7475
                                                                                                                                                                                                                                                                                                                                                                        • GetPixel.GDI32(00000000,?,?), ref: 008C7484
                                                                                                                                                                                                                                                                                                                                                                        • ReleaseDC.USER32(?,00000000), ref: 008C7496
                                                                                                                                                                                                                                                                                                                                                                        • GetSysColor.USER32(00000005), ref: 008C74B0
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ClientColorMessagePixelRectReleaseSendWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 272304278-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 5b45b341e7d15a2d20618e0ad47193fdda6da1a55e4403e89d0d739ce60b28bb
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 91da6a0045ac6b0145695f8c0a25b9d911b3bb8fd4619c4ee6f80ca2ee26b3bc
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5b45b341e7d15a2d20618e0ad47193fdda6da1a55e4403e89d0d739ce60b28bb
• Instruction Fuzzy Hash: A2018B7141820AFFDB605F64DC08FAA7BB5FF04321F100264FA15A20A0CB311E41BF10
APIs
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 008D187F
• UnloadUserProfile.USERENV(?,?), ref: 008D188B
• CloseHandle.KERNEL32(?), ref: 008D1894
• CloseHandle.KERNEL32(?), ref: 008D189C
• GetProcessHeap.KERNEL32(00000000,?), ref: 008D18A5
• HeapFree.KERNEL32(00000000), ref: 008D18AC
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
• String ID:
• API String ID: 146765662-0
• Opcode ID: 442514f329f9c323caba379569c1653dc24cb65150f052f50d224ccc33f01419
• Instruction ID: 958b2c3799fb9828ffe69f494979f92b8f34f0041ca4e5ad02a6fcffd401830e
• Opcode Fuzzy Hash: 442514f329f9c323caba379569c1653dc24cb65150f052f50d224ccc33f01419
• Instruction Fuzzy Hash: D2E0E5B602C101BFDB015FA1ED0C90ABF39FF49B22B108320F225810B0CB329460EF90
APIs
  • Part of subcall function 00877620: _wcslen.LIBCMT ref: 00877625
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 008DC6EE
• _wcslen.LIBCMT ref: 008DC735
• SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 008DC79C
• SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 008DC7CA
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: ItemMenu$Info_wcslen$Default
• String ID: 0
• API String ID: 1227352736-4108050209
• Opcode ID: a1c7d202cf903bc58698a7d1699f7b67c82661689fdb772f8e0f4ceffc407023
• Instruction ID: fb0b9bdade0a59b82a3b3a3064c0aa688a8dc73421e53d795b6b0273b4bb38bc
• Opcode Fuzzy Hash: a1c7d202cf903bc58698a7d1699f7b67c82661689fdb772f8e0f4ceffc407023
• Instruction Fuzzy Hash: B951DC716183029BD724AF2CD885B6AB7E8FF89314F040B2EF995D23A1DB70D844DB52
APIs
• ShellExecuteExW.SHELL32(0000003C), ref: 008FAEA3
  • Part of subcall function 00877620: _wcslen.LIBCMT ref: 00877625
• GetProcessId.KERNEL32(00000000), ref: 008FAF38
• CloseHandle.KERNEL32(00000000), ref: 008FAF67
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: CloseExecuteHandleProcessShell_wcslen
• String ID: <$@
• API String ID: 146682121-1426351568
• Opcode ID: edc4a6941751cab12372427f3a5ceaae474bab75a76c3d1676d3151e7795ab23
• Instruction ID: 8a48a6f0237ddda6269c69f88c172b47046576fcc5a940543e07e40cf04cf8f0
• Opcode Fuzzy Hash: edc4a6941751cab12372427f3a5ceaae474bab75a76c3d1676d3151e7795ab23
• Instruction Fuzzy Hash: 80713B75A00219DFCB14DF68C484AAEBBB4FF08314F148459E91AEB351CB74ED41CB92
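The per-function records above (an "APIs" bullet list, then the memory-dump source, then the similarity identifiers) are easier to triage once they are parsed rather than read one by one. The following is an added example, not part of the Joe Sandbox report: it parses records in the layout shown on this page into structured call lists and tags the API combinations an analyst would pull out of them (the wait-then-UnloadUserProfile cleanup of a run-as-user launch, ShellExecuteExW followed by GetProcessId, and a direct GetProcAddress lookup of DllGetClassObject). The sample text is a constructed, trimmed copy of the records on this page, and the rule names and capability labels are this example's own.

```python
"""Parse Joe Sandbox per-function 'APIs' records and tag capability combinations.

Added example. The record layout is inferred from the entries shown on this
page; SAMPLE is a constructed, trimmed copy of them, and RULES are this
example's own labels, not the sandbox's signature names.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# One API bullet: "• Name.MODULE(args), ref: ADDR" or "• _wcslen.LIBCMT ref: ADDR",
# optionally prefixed with "Part of subcall function ADDR:" for inlined callees.
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>[A-Za-z_]\w*)\.(?P<module>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass
class ApiCall:
    api: str
    module: str
    args: list[str]
    ref: str
    subcall_of: str | None = None


@dataclass
class FunctionRecord:
    calls: list[ApiCall] = field(default_factory=list)
    api_id: str = ""
    opcode_id: str = ""

    def apis(self) -> set[str]:
        return {c.api for c in self.calls}


def parse_records(text: str) -> list[FunctionRecord]:
    """Split report text on 'APIs' headers; collect API bullets until the
    'Strings' or 'Memory Dump Source' header, plus the API/Opcode IDs."""
    records: list[FunctionRecord] = []
    current: FunctionRecord | None = None
    in_apis = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            current = FunctionRecord()
            records.append(current)
            in_apis = True
            continue
        if current is None:
            continue
        if line in ("Strings", "Memory Dump Source"):
            in_apis = False
        m = API_LINE.match(line) if in_apis else None
        if m:
            args = [a for a in (m["args"] or "").split(",") if a]
            current.calls.append(ApiCall(m["api"], m["module"], args, m["ref"], m["sub"]))
        elif line.startswith("• API ID:"):
            current.api_id = line.split(":", 1)[1].strip()
        elif line.startswith("• Opcode ID:"):
            current.opcode_id = line.split(":", 1)[1].strip()
    return records


# (label, required API names, required (api, argument-substring) pairs)
RULES = [
    ("cleans up a run-as-user launch (waits, then UnloadUserProfile)",
     {"WaitForSingleObject", "UnloadUserProfile"}, ()),
    ("launches a child via ShellExecuteExW and retrieves its PID",
     {"ShellExecuteExW", "GetProcessId"}, ()),
    ("instantiates a COM class straight from a DLL (DllGetClassObject lookup)",
     {"GetProcAddress"}, (("GetProcAddress", "DllGetClassObject"),)),
    ("modifies menu items (GUI automation)",
     {"SetMenuItemInfoW"}, ()),
]


def tag_record(rec: FunctionRecord) -> list[str]:
    """Return the labels of every rule whose APIs (and argument fragments) appear."""
    tags = []
    for label, needed, arg_checks in RULES:
        if not needed <= rec.apis():
            continue
        if all(any(c.api == api and any(frag in a for a in c.args) for c in rec.calls)
               for api, frag in arg_checks):
            tags.append(label)
    return tags


# Constructed, trimmed copy of the records shown on this page.
SAMPLE = """\
APIs
• WaitForSingleObject.KERNEL32(?,000000FF), ref: 008D187F
• UnloadUserProfile.USERENV(?,?), ref: 008D188B
• CloseHandle.KERNEL32(?), ref: 008D1894
• CloseHandle.KERNEL32(?), ref: 008D189C
• GetProcessHeap.KERNEL32(00000000,?), ref: 008D18A5
• HeapFree.KERNEL32(00000000), ref: 008D18AC
Memory Dump Source
Similarity
• API ID: CloseHandleHeap$FreeObjectProcessProfileSingleUnloadUserWait
• Opcode ID: 442514f329f9c323caba379569c1653dc24cb65150f052f50d224ccc33f01419
APIs
  • Part of subcall function 00877620: _wcslen.LIBCMT ref: 00877625
• GetMenuItemInfoW.USER32(?,?,00000000,?), ref: 008DC6EE
• _wcslen.LIBCMT ref: 008DC735
• SetMenuItemInfoW.USER32(?,?,00000000,?), ref: 008DC79C
• SetMenuDefaultItem.USER32(?,000000FF,00000000), ref: 008DC7CA
Strings
Memory Dump Source
• API ID: ItemMenu$Info_wcslen$Default
APIs
• ShellExecuteExW.SHELL32(0000003C), ref: 008FAEA3
  • Part of subcall function 00877620: _wcslen.LIBCMT ref: 00877625
• GetProcessId.KERNEL32(00000000), ref: 008FAF38
• CloseHandle.KERNEL32(00000000), ref: 008FAF67
Strings
Memory Dump Source
APIs
• CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 008D7206
• SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 008D723C
• GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 008D724D
• SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 008D72CF
Strings
"""

if __name__ == "__main__":
    for rec in parse_records(SAMPLE):
        first = rec.calls[0].ref if rec.calls else "?"
        print(f"function near {first}: {sorted(rec.apis())} -> {tag_record(rec)}")
```

The argument check on the GetProcAddress rule is the important one: GetProcAddress on its own is routine, but a lookup of DllGetClassObject means the binary can obtain a class factory from a DLL it loaded itself, without the CLSID being resolved through the registry, which is why that record is worth more attention than the plain CoCreateInstance call before it.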
APIs
• CoCreateInstance.OLE32(?,00000000,00000005,?,?,?,?,?,?,?,?,?,?,?), ref: 008D7206
• SetErrorMode.KERNEL32(00000001,?,?,?,?,?,?,?,?,?), ref: 008D723C
• GetProcAddress.KERNEL32(?,DllGetClassObject), ref: 008D724D
• SetErrorMode.KERNEL32(00000000,?,?,?,?,?,?,?,?,?), ref: 008D72CF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorMode$AddressCreateInstanceProc
                                                                                                                                                                                                                                                                                                                                                                        • String ID: DllGetClassObject
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 753597075-1075368562
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: b9d3da890a1bdf55f5373322021fc5c3455d2f9f80c5f123666203f71f334b44
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 0891586206ee4a8fb21b4df90c9131f1023d654924c82aba6de230783205150e
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: b9d3da890a1bdf55f5373322021fc5c3455d2f9f80c5f123666203f71f334b44
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: DE417FB1604204EFDB15CF54C884A9A7BA9FF44314F1482AEBD06DF30AE7B0D944CBA0
APIs
• GetMenuItemInfoW.USER32(?,000000FF,00000000,00000030), ref: 00903E35
• IsMenu.USER32(?), ref: 00903E4A
• InsertMenuItemW.USER32(?,?,00000001,00000030), ref: 00903E92
• DrawMenuBar.USER32 ref: 00903EA5
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Menu$Item$DrawInfoInsert
• String ID: 0
• API String ID: 3076010158-4108050209
• Opcode ID: 2c2f336dbde31ab185b56440aa4fa0a722d72bf9d920a57595166f02661ec625
• Instruction ID: 0e8f732c724307e26351188aa7824d955a45bb61eb1f20ea0b4ac604bf38cdf0
• Opcode Fuzzy Hash: 2c2f336dbde31ab185b56440aa4fa0a722d72bf9d920a57595166f02661ec625
• Instruction Fuzzy Hash: AA413879A15209EFDB10DF54D884EAABBBDFF49354F048229F905A7290D730AE44DF50
APIs
  • Part of subcall function 00879CB3: _wcslen.LIBCMT ref: 00879CBD
  • Part of subcall function 008D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008D3CCA
• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 008D1E66
• SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 008D1E79
• SendMessageW.USER32(?,00000189,?,00000000), ref: 008D1EA9
  • Part of subcall function 00876B57: _wcslen.LIBCMT ref: 00876B6A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: MessageSend$_wcslen$ClassName
• String ID: ComboBox$ListBox
• API String ID: 2081771294-1403004172
• Opcode ID: 9be6abf280c2af8bb59f17f5f38dcd405aa5ee1d80c56c5086a5d82cfa6641b4
• Instruction ID: 044a973bcf05606164b4adc331aaa5ac7866bf6d55580fb323a44c16c5c7dc34
• Opcode Fuzzy Hash: 9be6abf280c2af8bb59f17f5f38dcd405aa5ee1d80c56c5086a5d82cfa6641b4
• Instruction Fuzzy Hash: B1210B71A00104BFDF14AB68DC4ACFFB7B9FF45354B14421AF815E72E1DB354A069621
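The raw SendMessageW numbers in the record above (0x188, 0x18A, 0x189) and in the SysAnimate32 record that follows (0x467) are only meaningful once resolved to their Win32 names: LB_GETCURSEL, LB_GETTEXTLEN and LB_GETTEXT together read the text of the selected ListBox item, and ACM_OPENW (WM_USER+103) opens an AVI resource in an animation control. Both are ordinary GUI-library idioms rather than behaviour worth an analyst's time, and telling such records apart from the interesting ones is the bulk of triage in a report this long. The following Python helper is an added example, not part of the Joe Sandbox report and not code from the sample: it parses API lines in the format printed here, resolves message ids using constants from the Windows SDK headers, and names the idiom a function implements. The message-chain rules in CHAIN_RULES are my own heuristics (an assumption, not a Joe Sandbox feature); the sample lines are copied from the two records on this page.

```python
import re
from typing import Dict, List, Optional

# One resolved call as Joe Sandbox prints it in an "APIs" list, e.g.
#   "• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 008D1E66"
#   "• DrawMenuBar.USER32 ref: 00903EA5"
#   "  • Part of subcall function 00879CB3: _wcslen.LIBCMT ref: 00879CBD"
CALL_RE = re.compile(
    r"^(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+): )?"
    r"(?P<api>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?"
    r"(?:,? ref: (?P<ref>[0-9A-Fa-f]+))?$"
)

WM_USER = 0x0400
# Window-message numbers from the Windows SDK (winuser.h, commctrl.h).
MSG_NAMES: Dict[int, str] = {
    0x0147: "CB_GETCURSEL", 0x0148: "CB_GETLBTEXT", 0x0149: "CB_GETLBTEXTLEN",
    0x0188: "LB_GETCURSEL", 0x0189: "LB_GETTEXT",   0x018A: "LB_GETTEXTLEN",
    WM_USER + 100: "ACM_OPENA", WM_USER + 103: "ACM_OPENW",
}

# Hypothetical triage rules (my assumption, not a Joe Sandbox feature): a set of
# message names that, seen together in one function, identify a GUI idiom.
CHAIN_RULES = [
    ({"LB_GETCURSEL", "LB_GETTEXTLEN", "LB_GETTEXT"},
     "reads the text of the currently selected ListBox item"),
    ({"CB_GETCURSEL", "CB_GETLBTEXTLEN", "CB_GETLBTEXT"},
     "reads the text of the currently selected ComboBox item"),
    ({"ACM_OPENW"}, "opens an AVI resource in a SysAnimate32 animation control"),
]


def decode_call(line: str) -> Dict[str, object]:
    """Parse one API line; hex arguments become ints, '?' (unrecovered) becomes None."""
    text = line.strip().lstrip("• ").strip()
    m = CALL_RE.match(text)
    if not m:
        raise ValueError(f"unrecognised API line: {line!r}")
    args: List[Optional[int]] = []
    if m.group("args"):
        for a in m.group("args").split(","):
            a = a.strip()
            args.append(None if a == "?" else int(a, 16))
    call: Dict[str, object] = {
        "api": m.group("api"),
        "module": m.group("mod"),
        "args": args,
        "ref": int(m.group("ref"), 16) if m.group("ref") else None,
        "sub": int(m.group("sub"), 16) if m.group("sub") else None,
        "msg": None,
    }
    # SendMessageW(hWnd, Msg, wParam, lParam): the second argument is the message id.
    if call["api"] == "SendMessageW" and len(args) >= 2 and args[1] is not None:
        call["msg"] = MSG_NAMES.get(args[1], f"0x{args[1]:04X}")
    return call


def summarize(lines: List[str]) -> str:
    """Decode one function's API list and name the GUI idiom it implements, if any."""
    calls = [decode_call(l) for l in lines]
    msgs = {c["msg"] for c in calls if c["msg"]}
    for needed, meaning in CHAIN_RULES:
        if needed <= msgs:
            return meaning
    if not msgs:
        return "no SendMessageW calls"
    return "no known message chain; messages seen: " + ", ".join(sorted(msgs))


# Sample input: the two records copied from this report page.
LISTBOX_RECORD = [
    "• Part of subcall function 00879CB3: _wcslen.LIBCMT ref: 00879CBD",
    "• Part of subcall function 008D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008D3CCA",
    "• SendMessageW.USER32(?,00000188,00000000,00000000), ref: 008D1E66",
    "• SendMessageW.USER32(?,0000018A,00000000,00000000), ref: 008D1E79",
    "• SendMessageW.USER32(?,00000189,?,00000000), ref: 008D1EA9",
]
ANIMATE_RECORD = [
    "• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00902F8D",
    "• LoadLibraryW.KERNEL32(?), ref: 00902F94",
    "• SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00902FA9",
    "• DestroyWindow.USER32(?), ref: 00902FB1",
]

if __name__ == "__main__":
    for name, rec in (("ListBox record", LISTBOX_RECORD), ("SysAnimate32 record", ANIMATE_RECORD)):
        print(f"{name}: {summarize(rec)}")
```

Run as a script it prints the idiom for each record; fed the whole "APIs" list of a report it flags the functions whose SendMessageW chains match nothing in CHAIN_RULES, which are the ones to open in the disassembler first. The "?" placeholders in the sample lines are Joe Sandbox's marker for an argument it could not recover statically, so a rule must never depend on those positions.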
APIs
• SendMessageW.USER32(00000000,00000467,00000000,?), ref: 00902F8D
• LoadLibraryW.KERNEL32(?), ref: 00902F94
• SendMessageW.USER32(?,00000467,00000000,00000000), ref: 00902FA9
• DestroyWindow.USER32(?), ref: 00902FB1
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: MessageSend$DestroyLibraryLoadWindow
• String ID: SysAnimate32
• API String ID: 3529120543-1011021900
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: a1f2eae07717688dfc50ad1096431dd9801aef564cf3665d959e853c53bc8f5b
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: be9de8ecd798a2ee923887b6ee7de88c86b8d8f4723862f0e7c1358af8648656
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: a1f2eae07717688dfc50ad1096431dd9801aef564cf3665d959e853c53bc8f5b
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5E219D7120420AAFEB215F64DC88EBB77BDEB993A4F104618FA50D21D0D771DC91A760
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetModuleHandleExW.KERNEL32(00000000,mscoree.dll,00000000,?,?,?,00894D1E,008A28E9,?,00894CBE,008A28E9,009388B8,0000000C,00894E15,008A28E9,00000002), ref: 00894D8D
                                                                                                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,CorExitProcess), ref: 00894DA0
                                                                                                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,?,00894D1E,008A28E9,?,00894CBE,008A28E9,009388B8,0000000C,00894E15,008A28E9,00000002,00000000), ref: 00894DC3
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: AddressFreeHandleLibraryModuleProc
                                                                                                                                                                                                                                                                                                                                                                        • String ID: CorExitProcess$mscoree.dll
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4061214504-1276376045
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: e144620e6a3e4bad2dee7aca57362f6fa4f807e463fc3eef49619d4cd283aa30
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: d950f15050f3a4f61fe558acdf5772d28f7c9a7410c75d950277f620a45f09cf
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e144620e6a3e4bad2dee7aca57362f6fa4f807e463fc3eef49619d4cd283aa30
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A5F0AF74A14208BFDF11AF90DC09BEDBBF4EF84752F0401A4F809E22A0DB715981EB90
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,?,00874EDD,?,00941418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00874E9C
                                                                                                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,Wow64DisableWow64FsRedirection), ref: 00874EAE
                                                                                                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,00874EDD,?,00941418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00874EC0
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Library$AddressFreeLoadProc
                                                                                                                                                                                                                                                                                                                                                                        • String ID: Wow64DisableWow64FsRedirection$kernel32.dll
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 145871493-3689287502
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 0f36a7e9d3ce9faf3fe97ec7eed107ddbe61c49d25e56d858a4d1b77af49272a
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 0fe67b2b90f83fe75b5470eee2780fa65f0da3bf25f47e8206808f820584c635
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 0f36a7e9d3ce9faf3fe97ec7eed107ddbe61c49d25e56d858a4d1b77af49272a
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B8E0C277A1E6229FD3721B25AC18B6F7698FFC2F76B054215FC08E2244DBA4CD0194E0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • LoadLibraryA.KERNEL32(kernel32.dll,?,?,008B3CDE,?,00941418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00874E62
                                                                                                                                                                                                                                                                                                                                                                        • GetProcAddress.KERNEL32(00000000,Wow64RevertWow64FsRedirection), ref: 00874E74
                                                                                                                                                                                                                                                                                                                                                                        • FreeLibrary.KERNEL32(00000000,?,?,008B3CDE,?,00941418,00000001,>>>AUTOIT NO CMDEXECUTE<<<,?,?,?,00000000), ref: 00874E87
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Library$AddressFreeLoadProc
• String ID: Wow64RevertWow64FsRedirection$kernel32.dll
• API String ID: 145871493-1355242751
• Opcode ID: fce5224bab7eb738cb05a1c3abeeae9a4c8c2e3de317fcb444ee51ca62c52ef3
• Instruction ID: 3d5bcc1fec900f54454cb5f10e3977e65cd2a417c9875fbd838a02780b84f583
• Opcode Fuzzy Hash: fce5224bab7eb738cb05a1c3abeeae9a4c8c2e3de317fcb444ee51ca62c52ef3
• Instruction Fuzzy Hash: 83D0C23351A6215BC6621B246C08D8B2A1CFF85B353459310B808E2158CF60CD01D6D0
APIs
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 008E2C05
• DeleteFileW.KERNEL32(?), ref: 008E2C87
• CopyFileW.KERNEL32(?,?,00000000,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001), ref: 008E2C9D
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 008E2CAE
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004,00000001,?,?,00000004), ref: 008E2CC0
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: File$Delete$Copy
• String ID:
• API String ID: 3226157194-0
• Opcode ID: 6fb2dabcf8f5e54613a34afda677ce167c246644c325feb7802dd599ea60ae61
• Instruction ID: 15842d1aba19781bfa6fbd85a98c068cb2691f66688c99ecd283ca29ec4b37ea
• Opcode Fuzzy Hash: 6fb2dabcf8f5e54613a34afda677ce167c246644c325feb7802dd599ea60ae61
• Instruction Fuzzy Hash: 7CB14E71900129ABDF21EBA9CC85EDEB7BDFF49350F1040A6F609E6145EA709A448F62
APIs
• GetCurrentProcessId.KERNEL32 ref: 008FA427
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 008FA435
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 008FA468
• CloseHandle.KERNEL32(?), ref: 008FA63D
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Process$CloseCountersCurrentHandleOpen
• String ID:
• API String ID: 3488606520-0
• Opcode ID: 7c367465b6c81315863d7f1a5e752fa957200a9e52c9ba61a2b5899ff5a38bd6
• Instruction ID: 672cbd31eeb9b19784710d135873d0df74aa895443670a238ab2c380f9bb13e1
• Opcode Fuzzy Hash: 7c367465b6c81315863d7f1a5e752fa957200a9e52c9ba61a2b5899ff5a38bd6
• Instruction Fuzzy Hash: 68A14DB16043019FD724DF28C886B2AB7E5FF44714F14895DF55ADB292DBB0EC418B92
APIs
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00913700), ref: 008ABB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,0094121C,000000FF,00000000,0000003F,00000000,?,?), ref: 008ABC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,00941270,000000FF,?,0000003F,00000000,?), ref: 008ABC36
• _free.LIBCMT ref: 008ABB7F
  • Part of subcall function 008A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008AD7D1,00000000,00000000,00000000,00000000,?,008AD7F8,00000000,00000007,00000000,?,008ADBF5,00000000), ref: 008A29DE
  • Part of subcall function 008A29C8: GetLastError.KERNEL32(00000000,?,008AD7D1,00000000,00000000,00000000,00000000,?,008AD7F8,00000000,00000007,00000000,?,008ADBF5,00000000,00000000), ref: 008A29F0
• _free.LIBCMT ref: 008ABD4B
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone
• String ID:
• API String ID: 1286116820-0
• Opcode ID: a6581b6358f6b8c11dd6b7043539cfc29c7c41a0b3cecb7d54f1c367682abae6
• Instruction ID: 288221571c6324348d29b68ca1de18e1b15fb04e788dc4d4f7e59549370b6c77
• Opcode Fuzzy Hash: a6581b6358f6b8c11dd6b7043539cfc29c7c41a0b3cecb7d54f1c367682abae6
• Instruction Fuzzy Hash: 08511A71904219AFEB14EF699C41DAEB7BCFF43330F10026AE520D7692EB709E819B51
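The three function blocks above (the DeleteFileW/CopyFileW block, the GetCurrentProcessId/OpenProcess/GetProcessIoCounters block and the GetTimeZoneInformation block) each carry an "APIs" list and a Similarity "API ID". When triaging many of these per-function entries, it helps to parse the API lines into structured call records rather than reading them by hand. The following is an added example, not Joe Sandbox's own code: it parses API lines in the format printed above, decodes the OpenProcess desired-access mask (0x410) into the documented PROCESS_* flags, and rebuilds the "API ID" string. The rebuild rule (split API names on capital letters, drop tokens shorter than four characters, group tokens by how often they occur, most frequent group first, alphabetical inside a group, groups joined with "$") is an assumption inferred from the three IDs shown on this page; it is not documented Joe Sandbox behaviour, and the numeric "API String ID" is not reproduced. The sample input is constructed from the lines above with some argument lists shortened.

```python
import re
from collections import Counter
from typing import Dict, List

# Constructed sample input: "APIs" lines of three function blocks copied from the
# report above; long argument lists were shortened for readability.
REPORT_BLOCKS = {
    "copy_delete": """\
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001), ref: 008E2C05
• DeleteFileW.KERNEL32(?), ref: 008E2C87
• CopyFileW.KERNEL32(?,?,00000000), ref: 008E2C9D
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001), ref: 008E2CAE
• DeleteFileW.KERNEL32(?,?,?,00000004,00000001), ref: 008E2CC0
""",
    "io_counters": """\
• GetCurrentProcessId.KERNEL32 ref: 008FA427
• OpenProcess.KERNEL32(00000410,00000000,00000000), ref: 008FA435
• GetProcessIoCounters.KERNEL32(00000000,?), ref: 008FA468
• CloseHandle.KERNEL32(?), ref: 008FA63D
""",
    "time_zone": """\
• GetTimeZoneInformation.KERNEL32(?,00000000,00000000,00000000,?,00913700), ref: 008ABB91
• WideCharToMultiByte.KERNEL32(00000000,00000000,0094121C,000000FF,00000000,0000003F,00000000,?,?), ref: 008ABC09
• WideCharToMultiByte.KERNEL32(00000000,00000000,00941270,000000FF,?,0000003F,00000000,?), ref: 008ABC36
• _free.LIBCMT ref: 008ABB7F
  • Part of subcall function 008A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?), ref: 008A29DE
  • Part of subcall function 008A29C8: GetLastError.KERNEL32(00000000,?), ref: 008A29F0
• _free.LIBCMT ref: 008ABD4B
""",
}

# One report API line: optional subcall prefix, Api.MODULE, optional (args), ref: address
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-F]+): )?"
    r"(?P<api>[A-Za-z_][A-Za-z0-9_]*)\.(?P<module>[A-Z0-9]+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s+ref:\s+(?P<ref>[0-9A-F]+)\s*$"
)

# Documented process access rights from winnt.h (subset)
PROCESS_ACCESS = {
    0x0001: "PROCESS_TERMINATE",
    0x0002: "PROCESS_CREATE_THREAD",
    0x0008: "PROCESS_VM_OPERATION",
    0x0010: "PROCESS_VM_READ",
    0x0020: "PROCESS_VM_WRITE",
    0x0400: "PROCESS_QUERY_INFORMATION",
    0x1000: "PROCESS_QUERY_LIMITED_INFORMATION",
}


def parse_calls(block: str) -> List[Dict[str, object]]:
    """Turn the APIs lines of one function block into call records."""
    calls = []
    for line in block.splitlines():
        m = API_LINE.match(line)
        if not m:
            continue  # headers, hashes and dump sources are not API lines
        args = m.group("args")
        calls.append({
            "api": m.group("api"),
            "module": m.group("module"),
            "args": args.split(",") if args else [],
            "ref": int(m.group("ref"), 16),        # call site, hex in the report
            "subcall_of": m.group("sub"),          # None for direct calls
        })
    return calls


def open_process_access(calls: List[Dict[str, object]]) -> List[str]:
    """Decode the desired-access argument of every OpenProcess call with a known mask."""
    names: List[str] = []
    for c in calls:
        if c["api"] == "OpenProcess" and c["args"] and c["args"][0] != "?":
            mask = int(c["args"][0], 16)
            names.extend(n for bit, n in sorted(PROCESS_ACCESS.items()) if mask & bit)
    return names


# Assumption: CamelCase tokens, keep only tokens of >= 4 characters.
TOKEN = re.compile(r"[A-Z][a-z0-9]*|[a-z_][a-z0-9_]*")
MIN_TOKEN_LEN = 4


def api_id(calls: List[Dict[str, object]]) -> str:
    """Rebuild the Similarity 'API ID' string (inferred rule, see lead-in)."""
    counts: Counter = Counter()
    for c in calls:
        for tok in TOKEN.findall(str(c["api"])):
            if len(tok) >= MIN_TOKEN_LEN:
                counts[tok] += 1
    by_count: Dict[int, List[str]] = {}
    for tok, n in counts.items():
        by_count.setdefault(n, []).append(tok)
    # most frequent group first; tokens inside a group in code-point order
    return "$".join("".join(sorted(by_count[n])) for n in sorted(by_count, reverse=True))


if __name__ == "__main__":
    for name, block in REPORT_BLOCKS.items():
        calls = parse_calls(block)
        imports = sorted({f"{c['module']}!{c['api']}" for c in calls})
        print(name, api_id(calls), imports, open_process_access(calls))
```

Run against the three blocks, the rebuilt IDs match the report (File$Delete$Copy, Process$CloseCountersCurrentHandleOpen, ByteCharMultiWide_free$ErrorFreeHeapInformationLastTimeZone), and the OpenProcess mask 0x410 decodes to PROCESS_VM_READ | PROCESS_QUERY_INFORMATION, the minimum needed for GetProcessIoCounters on the process's own PID. Subcall lines are kept as records with subcall_of set, so they can be excluded when only direct imports matter.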
APIs
  • Part of subcall function 008DDDE0: GetFullPathNameW.KERNEL32(00000000,00007FFF,?,?,?,?,?,?,008DCF22,?), ref: 008DDDFD
  • Part of subcall function 008DDDE0: GetFullPathNameW.KERNEL32(?,00007FFF,?,?,?,?,?,008DCF22,?), ref: 008DDE16
  • Part of subcall function 008DE199: GetFileAttributesW.KERNEL32(?,008DCF95), ref: 008DE19A
• lstrcmpiW.KERNEL32(?,?), ref: 008DE473
• MoveFileW.KERNEL32(?,?), ref: 008DE4AC
• _wcslen.LIBCMT ref: 008DE5EB
• _wcslen.LIBCMT ref: 008DE603
                                                                                                                                                                                                                                                                                                                                                                        • SHFileOperationW.SHELL32(?,?,?,?,?,?), ref: 008DE650
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: File$FullNamePath_wcslen$AttributesMoveOperationlstrcmpi
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3183298772-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 64a6e06f2cb57a543c7be2dcc8521eb0711b7c2fbeb933df26c755d9d12a1819
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: c513ebd86e00f5d67186e25d23e2500cbd8fb69695f27e3c4e263080344fa494
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 64a6e06f2cb57a543c7be2dcc8521eb0711b7c2fbeb933df26c755d9d12a1819
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7D515FB24087455BCB24EB94D8819DB73ECFF94344F004A2FF589D7291EE74A688876B
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00879CB3: _wcslen.LIBCMT ref: 00879CBD
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008FC998: CharUpperBuffW.USER32(?,?,?,?,?,?,?,008FB6AE,?,?), ref: 008FC9B5
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008FC998: _wcslen.LIBCMT ref: 008FC9F1
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008FC998: _wcslen.LIBCMT ref: 008FCA68
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008FC998: _wcslen.LIBCMT ref: 008FCA9E
                                                                                                                                                                                                                                                                                                                                                                        • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 008FBAA5
                                                                                                                                                                                                                                                                                                                                                                        • RegOpenKeyExW.ADVAPI32(?,?,00000000,?,?), ref: 008FBB00
                                                                                                                                                                                                                                                                                                                                                                        • RegEnumKeyExW.ADVAPI32(?,-00000001,?,?,00000000,00000000,00000000,?), ref: 008FBB63
                                                                                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(?,?), ref: 008FBBA6
                                                                                                                                                                                                                                                                                                                                                                        • RegCloseKey.ADVAPI32(00000000), ref: 008FBBB3
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcslen$Close$BuffCharConnectEnumOpenRegistryUpper
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 826366716-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 07ca99f1050b31b4ce7ace991a0f08f1dde701229c925903e94042ab38dd7389
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: ea9ccec9fb3d6d9912d812b9981d9269010a98c6cc49b14dbcb4077a2f6276b7
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 07ca99f1050b31b4ce7ace991a0f08f1dde701229c925903e94042ab38dd7389
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6E61A071208245AFD714DF24C491E3ABBE9FF84318F14895CF5998B2A2DB31ED45CB92
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • VariantInit.OLEAUT32(?), ref: 008D8BCD
                                                                                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32 ref: 008D8C3E
                                                                                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32 ref: 008D8C9D
                                                                                                                                                                                                                                                                                                                                                                        • VariantClear.OLEAUT32(?), ref: 008D8D10
                                                                                                                                                                                                                                                                                                                                                                        • VariantChangeType.OLEAUT32(?,?,00000000,00000013), ref: 008D8D3B
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Variant$Clear$ChangeInitType
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4136290138-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: fdb1e837269735d852826b37f9395a565fa3a14356586f895b1cde321ad7a42a
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: b66716b378f71e01878093b8f0e8d66d6c3c731d40af6280b08659d66b62b9b0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fdb1e837269735d852826b37f9395a565fa3a14356586f895b1cde321ad7a42a
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: AC5159B5A10219EFCB14CF68C894AAAB7F9FF89314B15865AE905DB350E730E911CF90
APIs
• GetPrivateProfileSectionW.KERNEL32(00000003,?,00007FFF,?), ref: 008E8BAE
• GetPrivateProfileSectionW.KERNEL32(?,00000003,00000003,?), ref: 008E8BDA
• WritePrivateProfileSectionW.KERNEL32(?,?,?), ref: 008E8C32
• WritePrivateProfileStringW.KERNEL32(00000003,00000000,00000000,?), ref: 008E8C57
• WritePrivateProfileStringW.KERNEL32(00000000,00000000,00000000,?), ref: 008E8C5F
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: PrivateProfile$SectionWrite$String
• String ID:
• API String ID: 2832842796-0
• Opcode ID: 9a36eb4a082523c7a1e9b438f73c0b0b1f995d48a2668e6f53c261591e64d0da
• Instruction ID: db18e1931e524b0966811ae1b283cbe8ce588f634b51d71a1abc917ed1ec2773
• Opcode Fuzzy Hash: 9a36eb4a082523c7a1e9b438f73c0b0b1f995d48a2668e6f53c261591e64d0da
• Instruction Fuzzy Hash: 8C513635A00218DFCB05DF69C881A6DBBF5FF49314F188058E849AB362CB31ED51DB91
APIs
• LoadLibraryW.KERNEL32(?,00000000,?), ref: 008F8F40
• GetProcAddress.KERNEL32(00000000,?), ref: 008F8FD0
• GetProcAddress.KERNEL32(00000000,00000000), ref: 008F8FEC
• GetProcAddress.KERNEL32(00000000,?), ref: 008F9032
• FreeLibrary.KERNEL32(00000000), ref: 008F9052
  • Part of subcall function 0088F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,00000000,?,?,?,008E1043,?,7556E610), ref: 0088F6E6
  • Part of subcall function 0088F6C9: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,008CFA64,00000000,00000000,?,?,008E1043,?,7556E610,?,008CFA64), ref: 0088F70D
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: AddressProc$ByteCharLibraryMultiWide$FreeLoad
• String ID:
• API String ID: 666041331-0
• Opcode ID: 235c122fe8f66449d9f02c8268e14755ed92f817702ba3532b7e2657fef7eb78
• Instruction ID: 10f0f6e547b760762444d2b748d1fd8bcf643e7061abcfce9efa144f1a01f77b
• Opcode Fuzzy Hash: 235c122fe8f66449d9f02c8268e14755ed92f817702ba3532b7e2657fef7eb78
• Instruction Fuzzy Hash: 96512734604209DFC711DF68C4849A9BBF1FF49314B1981A8E94ADB362DB31ED85CB91
APIs
• SetWindowLongW.USER32(00000002,000000F0,?), ref: 00906C33
• SetWindowLongW.USER32(?,000000EC,?), ref: 00906C4A
• SendMessageW.USER32(00000002,00001036,00000000,?), ref: 00906C73
• ShowWindow.USER32(00000002,00000000,00000002,00000002,?,?,?,?,?,?,?,008EAB79,00000000,00000000), ref: 00906C98
• SetWindowPos.USER32(?,00000000,00000000,00000000,00000000,00000000,00000027,00000002,?,00000001,00000002,00000002,?,?,?), ref: 00906CC7
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Window$Long$MessageSendShow
• String ID:
• API String ID: 3688381893-0
• Opcode ID: 85bb9a3234975e6bae7ae0e0840abf10855f9e62373556e11b20b5a74a64bea9
• Instruction ID: bb0cd213ba70dff8aecd85dced12c5b6d0d7a7ad03f08b27e59a413b2c5ea24e
• Opcode Fuzzy Hash: 85bb9a3234975e6bae7ae0e0840abf10855f9e62373556e11b20b5a74a64bea9
• Instruction Fuzzy Hash: 1C41EA75A08124AFE724CF28CC54FA57BA9EB09350F140628FAD5A72E0C771ED61DA40
APIs
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _free
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 8ec7992a71a00c7a2cbafb8e5c1bf2d516a96ecd3a1963d71fc32a6a16692617
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: cf09f86f73eefea4bf2bea4b73b7129aa0f4ad022bade37a73ae81f85eb3e26c
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 8ec7992a71a00c7a2cbafb8e5c1bf2d516a96ecd3a1963d71fc32a6a16692617
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 6E41E172A006049FEB34DF7CC880A5EB7E5FF8A314F1545A9E615EB792DA31AD01CB81
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetCursorPos.USER32(?), ref: 00889141
                                                                                                                                                                                                                                                                                                                                                                        • ScreenToClient.USER32(00000000,?), ref: 0088915E
                                                                                                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(00000001), ref: 00889183
                                                                                                                                                                                                                                                                                                                                                                        • GetAsyncKeyState.USER32(00000002), ref: 0088919D
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: AsyncState$ClientCursorScreen
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4210589936-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 111f5f53c41c1cee86ec63b7d68921e9d61416e58c8c935f3808e8893145b8d0
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 1476733cf0542977a3373856d206070dd4724b0c09750d9fa35e5d5201777809
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 111f5f53c41c1cee86ec63b7d68921e9d61416e58c8c935f3808e8893145b8d0
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C5417C75A0C61AAEDB05AF68C848BFEB774FB05324F24821AE465E22D0C734A950CF91
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetInputState.USER32 ref: 008E38CB
                                                                                                                                                                                                                                                                                                                                                                        • TranslateAcceleratorW.USER32(?,00000000,?), ref: 008E3922
                                                                                                                                                                                                                                                                                                                                                                        • TranslateMessage.USER32(?), ref: 008E394B
                                                                                                                                                                                                                                                                                                                                                                        • DispatchMessageW.USER32(?), ref: 008E3955
                                                                                                                                                                                                                                                                                                                                                                        • PeekMessageW.USER32(?,00000000,00000000,00000000,00000001), ref: 008E3966
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Message$Translate$AcceleratorDispatchInputPeekState
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2256411358-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 7e50da076a3b7bd4cee21ea8c390ed51528751f846f663b56b05fbc5bd10efa6
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 9883b3077d6cf23687c60b823ec178b5c44db80425fe942e751e4b953c46805e
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 7e50da076a3b7bd4cee21ea8c390ed51528751f846f663b56b05fbc5bd10efa6
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F131A6745183C5AEEB35DB36984DFB63BA8FB07304F040569E462D31A1E3B49E85DB21
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • InternetQueryDataAvailable.WININET(?,?,00000000,00000000,00000000,?,00000000,?,?,?,008EC21E,00000000), ref: 008ECF38
                                                                                                                                                                                                                                                                                                                                                                        • InternetReadFile.WININET(?,00000000,?,?), ref: 008ECF6F
                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,00000000,?,?,?,008EC21E,00000000), ref: 008ECFB4
                                                                                                                                                                                                                                                                                                                                                                        • SetEvent.KERNEL32(?,?,00000000,?,?,?,008EC21E,00000000), ref: 008ECFC8
                                                                                                                                                                                                                                                                                                                                                                        • SetEvent.KERNEL32(?,?,00000000,?,?,?,008EC21E,00000000), ref: 008ECFF2
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: EventInternet$AvailableDataErrorFileLastQueryRead
• String ID:
• API String ID: 3191363074-0
• Opcode ID: 91b820797d840a91aa437b771bf9c4998486c230ee20e0d6aff7e92d307bb0fb
• Instruction ID: ebfc5a4f19eaafbb3551668ef5cf6284c4a4f198ae71d2514591f515ed0d9a1a
• Opcode Fuzzy Hash: 91b820797d840a91aa437b771bf9c4998486c230ee20e0d6aff7e92d307bb0fb
• Instruction Fuzzy Hash: EE315EB1A04245EFDB20DFAAC884AABBBF9FF15355B10442EF516D2141DB70EE42DB60
APIs
• GetWindowRect.USER32(?,?), ref: 008D1915
• PostMessageW.USER32(00000001,00000201,00000001), ref: 008D19C1
• Sleep.KERNEL32(00000000,?,?,?), ref: 008D19C9
• PostMessageW.USER32(00000001,00000202,00000000), ref: 008D19DA
• Sleep.KERNEL32(00000000,?,?,?,?), ref: 008D19E2
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: MessagePostSleep$RectWindow
• String ID:
• API String ID: 3382505437-0
• Opcode ID: 3ddbd794432df34f4908154e35f7ba2d62134b46cc92787955a86fc94afefce3
• Instruction ID: 79f7ab784eae34c7a9fa6dde2b51c8fc618414ab940ef374e31fd1a2563662a8
• Opcode Fuzzy Hash: 3ddbd794432df34f4908154e35f7ba2d62134b46cc92787955a86fc94afefce3
• Instruction Fuzzy Hash: D5318AB1A14219BFCB10CFA8C9A9A9E3BB5FF04315F10432AF921E72D1C7709944DB90
APIs
• SendMessageW.USER32(?,00001053,000000FF,?), ref: 00905745
• SendMessageW.USER32(?,00001074,?,00000001), ref: 0090579D
• _wcslen.LIBCMT ref: 009057AF
• _wcslen.LIBCMT ref: 009057BA
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00905816
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: MessageSend$_wcslen
• String ID:
• API String ID: 763830540-0
• Opcode ID: e242e26f35e28ee6b04c024b77f40fcc410c9670d30ee8e5240e31de8e6b397f
• Instruction ID: 459610de93d8cfd4e53290bd39a7af7e6d481b7727fc5c2ccb59429db21974bc
• Opcode Fuzzy Hash: e242e26f35e28ee6b04c024b77f40fcc410c9670d30ee8e5240e31de8e6b397f
• Instruction Fuzzy Hash: 64219E75904618AEDB209FA5CC84EEEBBBCFF44324F108616F929EA1D4E7708985CF50
APIs
• IsWindow.USER32(00000000), ref: 008F0951
• GetForegroundWindow.USER32 ref: 008F0968
• GetDC.USER32(00000000), ref: 008F09A4
• GetPixel.GDI32(00000000,?,00000003), ref: 008F09B0
• ReleaseDC.USER32(00000000,00000003), ref: 008F09E8
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$ForegroundPixelRelease
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4156661090-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 25dd647d2d3aa36bffe2eb5a0f51935165362ed6acb066316f7e38cb1202e2fb
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 4d5b08a30e45179dff37b61aadc47238b7aae048fe8d60ff1f95e5bf9d2b1385
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 25dd647d2d3aa36bffe2eb5a0f51935165362ed6acb066316f7e38cb1202e2fb
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4F218175A00208AFD714EF69C889AAEBBE5FF49704F048168F94AD7362DB70EC44DB50
APIs
• GetEnvironmentStringsW.KERNEL32 ref: 008ACDC6
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008ACDE9
  • Part of subcall function 008A3820: RtlAllocateHeap.NTDLL(00000000,?,00941444,?,0088FDF5,?,?,0087A976,00000010,00941440,008713FC,?,008713C6,?,00871129), ref: 008A3852
• WideCharToMultiByte.KERNEL32(00000000,00000000,00000000,00000000,00000000,?,00000000,00000000), ref: 008ACE0F
• _free.LIBCMT ref: 008ACE22
• FreeEnvironmentStringsW.KERNEL32(00000000), ref: 008ACE31
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: ByteCharEnvironmentMultiStringsWide$AllocateFreeHeap_free
• String ID:
• API String ID: 336800556-0
APIs
• GetSysColor.USER32(00000008), ref: 008898CC
• SetTextColor.GDI32(?,?), ref: 008898D6
• SetBkMode.GDI32(?,00000001), ref: 008898E9
• GetStockObject.GDI32(00000005), ref: 008898F1
• GetWindowLongW.USER32(?,000000EB), ref: 00889952
Similarity
• API ID: Color$LongModeObjectStockTextWindow
• String ID:
• API String ID: 1860813098-0
APIs
• ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00889693
• SelectObject.GDI32(?,00000000), ref: 008896A2
• BeginPath.GDI32(?), ref: 008896B9
• SelectObject.GDI32(?,00000000), ref: 008896E2
Similarity
• API ID: ObjectSelect$BeginCreatePath
• String ID:
• API String ID: 3225163088-0
APIs
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _memcmp
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2931989736-0
APIs
• GetLastError.KERNEL32(?,?,?,0089F2DE,008A3863,00941444,?,0088FDF5,?,?,0087A976,00000010,00941440,008713FC,?,008713C6), ref: 008A2DFD
• _free.LIBCMT ref: 008A2E32
• _free.LIBCMT ref: 008A2E59
• SetLastError.KERNEL32(00000000,00871129), ref: 008A2E66
• SetLastError.KERNEL32(00000000,00871129), ref: 008A2E6F
Similarity
• API ID: ErrorLast$_free
• String ID:
• API String ID: 3170660625-0
APIs
• CLSIDFromProgID.OLE32(?,?,?,00000000,?,?,?,-C000001E,00000001,?,008CFF41,80070057,?,?,?,008D035E), ref: 008D002B
• ProgIDFromCLSID.OLE32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008CFF41,80070057,?,?), ref: 008D0046
• lstrcmpiW.KERNEL32(?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008CFF41,80070057,?,?), ref: 008D0054
• CoTaskMemFree.OLE32(00000000,?,00000000,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008CFF41,80070057,?), ref: 008D0064
• CLSIDFromString.OLE32(?,?,?,?,?,00000000,?,?,?,-C000001E,00000001,?,008CFF41,80070057,?,?), ref: 008D0070
Similarity
• API ID: From$Prog$FreeStringTasklstrcmpi
• String ID:
• API String ID: 3897988419-0
APIs
• QueryPerformanceCounter.KERNEL32(?), ref: 008DE997
• QueryPerformanceFrequency.KERNEL32(?), ref: 008DE9A5
• Sleep.KERNEL32(00000000), ref: 008DE9AD
• QueryPerformanceCounter.KERNEL32(?), ref: 008DE9B7
• Sleep.KERNEL32 ref: 008DE9F3
Similarity
• API ID: PerformanceQuery$CounterSleep$Frequency
• String ID:
• API String ID: 2833360925-0
APIs
• GetUserObjectSecurity.USER32(?,00000004,?,00000000,?), ref: 008D1114
• GetLastError.KERNEL32(?,00000000,00000000,?,?,008D0B9B,?,?,?), ref: 008D1120
• GetProcessHeap.KERNEL32(00000008,?,?,00000000,00000000,?,?,008D0B9B,?,?,?), ref: 008D112F
• HeapAlloc.KERNEL32(00000000,?,00000000,00000000,?,?,008D0B9B,?,?,?), ref: 008D1136
• GetUserObjectSecurity.USER32(?,00000004,00000000,?,?), ref: 008D114D
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: HeapObjectSecurityUser$AllocErrorLastProcess
• String ID:
• API String ID: 842720411-0
APIs
• GetTokenInformation.ADVAPI32(?,00000002,?,00000000,?), ref: 008D0FCA
• GetLastError.KERNEL32(?,00000002,?,00000000,?), ref: 008D0FD6
• GetProcessHeap.KERNEL32(00000008,?,?,00000002,?,00000000,?), ref: 008D0FE5
• HeapAlloc.KERNEL32(00000000,?,00000002,?,00000000,?), ref: 008D0FEC
• GetTokenInformation.ADVAPI32(?,00000002,00000000,?,?,?,00000002,?,00000000,?), ref: 008D1002
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
APIs
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 008D102A
• GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 008D1036
• GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 008D1045
• HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 008D104C
• GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 008D1062
Similarity
• API ID: HeapInformationToken$AllocErrorLastProcess
• String ID:
• API String ID: 44706859-0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,008E017D,?,008E32FC,?,00000001,008B2592,?), ref: 008E0324
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,008E017D,?,008E32FC,?,00000001,008B2592,?), ref: 008E0331
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,008E017D,?,008E32FC,?,00000001,008B2592,?), ref: 008E033E
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,008E017D,?,008E32FC,?,00000001,008B2592,?), ref: 008E034B
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,008E017D,?,008E32FC,?,00000001,008B2592,?), ref: 008E0358
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(?,?,?,?,008E017D,?,008E32FC,?,00000001,008B2592,?), ref: 008E0365
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CloseHandle
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2962429428-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: d0eb639eacc3b6e9cc6ccd7a4b0853ed4775a3e0329c436eb195d5a2b1024aef
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 16ce761f81f21aab641b98e12ed4b289200f856ffed21d7ee9d2df926319edcb
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d0eb639eacc3b6e9cc6ccd7a4b0853ed4775a3e0329c436eb195d5a2b1024aef
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 09019072800B559FC7309F66D880412F7F5FE512153158E3ED19692A31C3B1A994DE80
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 008AD752
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008AD7D1,00000000,00000000,00000000,00000000,?,008AD7F8,00000000,00000007,00000000,?,008ADBF5,00000000), ref: 008A29DE
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008A29C8: GetLastError.KERNEL32(00000000,?,008AD7D1,00000000,00000000,00000000,00000000,?,008AD7F8,00000000,00000007,00000000,?,008ADBF5,00000000,00000000), ref: 008A29F0
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 008AD764
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 008AD776
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 008AD788
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 008AD79A
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _free$ErrorFreeHeapLast
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 776569668-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: bbb71f1ef3fae7c95b4bb6aaacc0d3f623f9aae805be8d4910204aed1f482beb
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 29b8e591837fc92ab23b5b6e7c8898d807278fabd2598c162f634d21f3bc8fb9
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bbb71f1ef3fae7c95b4bb6aaacc0d3f623f9aae805be8d4910204aed1f482beb
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 49F04F72518708AFA669EB6CF9C1D1B7BDDFB06710B990805F149E7D11C720FC808B62
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetDlgItem.USER32(?,000003E9), ref: 008D5C58
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowTextW.USER32(00000000,?,00000100), ref: 008D5C6F
                                                                                                                                                                                                                                                                                                                                                                        • MessageBeep.USER32(00000000), ref: 008D5C87
                                                                                                                                                                                                                                                                                                                                                                        • KillTimer.USER32(?,0000040A), ref: 008D5CA3
                                                                                                                                                                                                                                                                                                                                                                        • EndDialog.USER32(?,00000001), ref: 008D5CBD
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: BeepDialogItemKillMessageTextTimerWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3741023627-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 6147f316e4640e8dd8041c33e7d1083fb64e4e9f3256d3a6c1f4bfa1bb002b3d
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: e8e27ea2508403fb64bc14a4382d928c1889a5c5e39c450435a45ce0f1898225
• Opcode Fuzzy Hash: 6147f316e4640e8dd8041c33e7d1083fb64e4e9f3256d3a6c1f4bfa1bb002b3d
• Instruction Fuzzy Hash: B6018170524B04AFEB306B10DD4EFA67BB8FB00B45F04075BA583E11E1DBF5A9849A91
APIs
• _free.LIBCMT ref: 008A22BE
  • Part of subcall function 008A29C8: RtlFreeHeap.NTDLL(00000000,00000000,?,008AD7D1,00000000,00000000,00000000,00000000,?,008AD7F8,00000000,00000007,00000000,?,008ADBF5,00000000), ref: 008A29DE
  • Part of subcall function 008A29C8: GetLastError.KERNEL32(00000000,?,008AD7D1,00000000,00000000,00000000,00000000,?,008AD7F8,00000000,00000007,00000000,?,008ADBF5,00000000,00000000), ref: 008A29F0
• _free.LIBCMT ref: 008A22D0
• _free.LIBCMT ref: 008A22E3
• _free.LIBCMT ref: 008A22F4
• _free.LIBCMT ref: 008A2305
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: _free$ErrorFreeHeapLast
• String ID:
• API String ID: 776569668-0
• Opcode ID: 8748bfb170ae12da3549d6981c169ec72f014776698e763127a4133df8b9d8e4
• Instruction ID: 45c6849e1f9c920b2e8f942aca01fbc9015f066e8098b90e0c21cd50f313cac9
• Opcode Fuzzy Hash: 8748bfb170ae12da3549d6981c169ec72f014776698e763127a4133df8b9d8e4
• Instruction Fuzzy Hash: 26F054B84286108FD772AF6CBC01D093F64F71BB517040556F610D2671C7310551BFE6
APIs
• EndPath.GDI32(?), ref: 008895D4
• StrokeAndFillPath.GDI32(?,?,008C71F7,00000000,?,?,?), ref: 008895F0
• SelectObject.GDI32(?,00000000), ref: 00889603
• DeleteObject.GDI32 ref: 00889616
• StrokePath.GDI32(?), ref: 00889631
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Path$ObjectStroke$DeleteFillSelect
• String ID:
• API String ID: 2625713937-0
• Opcode ID: 07d8fdb11e2aba111155c020953b51a4c6cc4c45845a747c9546bf939f0edc50
• Instruction ID: 942931857c41d023026139f55790a5ea7cfc85e47b9f4d7282ba73e9d01d930e
• Opcode Fuzzy Hash: 07d8fdb11e2aba111155c020953b51a4c6cc4c45845a747c9546bf939f0edc50
• Instruction Fuzzy Hash: F9F0C97902E208EFDB16AF65ED58B643B65FB12366F088314F469950F0D7308995EF60
APIs
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: __freea$_free
• String ID: a/p$am/pm
• API String ID: 3432400110-3206640213
• Opcode ID: 716e4bbe41ef2865cba15248b81c9d026569866f6c2a80f0d424cc35d75f1b04
• Instruction ID: d7c2dbf397058b9a22b66ab26323e1429df296b14f404f23b51a91c3c1b29212
• Opcode Fuzzy Hash: 716e4bbe41ef2865cba15248b81c9d026569866f6c2a80f0d424cc35d75f1b04
• Instruction Fuzzy Hash: E5D1DF3190020A9AEF289F68C85DBBAB7B5FF07714F284159E901EBF50D3799D80CB91
APIs
  • Part of subcall function 00890242: EnterCriticalSection.KERNEL32(0094070C,00941884,?,?,0088198B,00942518,?,?,?,008712F9,00000000), ref: 0089024D
  • Part of subcall function 00890242: LeaveCriticalSection.KERNEL32(0094070C,?,0088198B,00942518,?,?,?,008712F9,00000000), ref: 0089028A
  • Part of subcall function 00879CB3: _wcslen.LIBCMT ref: 00879CBD
  • Part of subcall function 008900A3: __onexit.LIBCMT ref: 008900A9
• __Init_thread_footer.LIBCMT ref: 008F7BFB
  • Part of subcall function 008901F8: EnterCriticalSection.KERNEL32(0094070C,?,?,00888747,00942514), ref: 00890202
  • Part of subcall function 008901F8: LeaveCriticalSection.KERNEL32(0094070C,?,00888747,00942514), ref: 00890235
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CriticalSection$EnterLeave$Init_thread_footer__onexit_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: 5$G$Variable must be of type 'Object'.
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 535116098-3733170431
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: d7085eed9ff0be950edc5931594726ade7f9ff7d388b9142ab5c7424c0819b1b
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 3c0e246dee8ed31fa60fcc094fed9eac5f043213f497941a2062563a5798f5cb
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d7085eed9ff0be950edc5931594726ade7f9ff7d388b9142ab5c7424c0819b1b
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 45916970A04209AFDB14EF68D891DBDB7B1FF49304F508059FA06DB296DB71AE41CB51
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008DB403: WriteProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008D21D0,?,?,00000034,00000800,?,00000034), ref: 008DB42D
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001104,00000000,00000000), ref: 008D2760
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008DB3CE: ReadProcessMemory.KERNEL32(?,?,?,00000000,00000000,00000000,?,008D21FF,?,?,00000800,?,00001073,00000000,?,?), ref: 008DB3F8
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008DB32A: GetWindowThreadProcessId.USER32(?,?), ref: 008DB355
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008DB32A: OpenProcess.KERNEL32(00000438,00000000,?,?,?,008D2194,00000034,?,?,00001004,00000000,00000000), ref: 008DB365
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008DB32A: VirtualAllocEx.KERNEL32(00000000,00000000,?,00001000,00000004,?,?,008D2194,00000034,?,?,00001004,00000000,00000000), ref: 008DB37B
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 008D27CD
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00001111,00000000,00000000), ref: 008D281A
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Process$MessageSend$Memory$AllocOpenReadThreadVirtualWindowWrite
                                                                                                                                                                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4150878124-2766056989
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 364d2a0b6f7822ac02564c349e9678901613bcdb2954a500db66e99be88cc69f
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 5c3694e0c6c06754311cafe68f28d538ee5969846a3781d56851ed36077217c0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 364d2a0b6f7822ac02564c349e9678901613bcdb2954a500db66e99be88cc69f
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 8E413C72900218AFDB10DBA8CD45EEEBBB8FF19300F004196FA55B7281DB716E45DBA1
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetModuleFileNameW.KERNEL32(00000000,C:\Users\user\Desktop\gTU8ed4669.exe,00000104), ref: 008A1769
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 008A1834
                                                                                                                                                                                                                                                                                                                                                                        • _free.LIBCMT ref: 008A183E
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _free$FileModuleName
                                                                                                                                                                                                                                                                                                                                                                        • String ID: C:\Users\user\Desktop\gTU8ed4669.exe
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2506810119-768240071
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 2e1627b1ac9bd971410a9d8cbe36a9c0fb0825e6cfc786a3b3f4c76b02acb878
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 77b94ff51ca9ab8481dcb357d4a7bff6e02beaee8f88cc2de39b4c14dfe80af5
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2e1627b1ac9bd971410a9d8cbe36a9c0fb0825e6cfc786a3b3f4c76b02acb878
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F8318D75A04218AFEF21DB999889D9EBBFCFB86310F144166F904D7611D6B08E80DB91
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetMenuItemInfoW.USER32(00000004,00000000,00000000,?), ref: 008DC306
                                                                                                                                                                                                                                                                                                                                                                        • DeleteMenu.USER32(?,00000007,00000000), ref: 008DC34C
                                                                                                                                                                                                                                                                                                                                                                        • DeleteMenu.USER32(?,00000000,00000000,?,00000000,00000000,00941990,00BB65C0), ref: 008DC395
                                                                                                                                                                                                                                                                                                                                                                        Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Menu$Delete$InfoItem
• String ID: 0
• API String ID: 135850232-4108050209
• Opcode ID: 99d77a08d15807ba260edadd5672e7efb2e654376e5850a13064fd3b5e0a3bc6
• Instruction ID: 0b9f47f8b5abf4ed5459895beca52084bad889ce89e30f0a8277126f65100ebd
• Opcode Fuzzy Hash: 99d77a08d15807ba260edadd5672e7efb2e654376e5850a13064fd3b5e0a3bc6
• Instruction Fuzzy Hash: 5B416C712083429FDB28DF29D884B5ABBA4FB85324F14871EF9A5D73D1D770A904CB62
APIs
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000013,?,?,SysTreeView32,0090CC08,00000000,?,?,?,?), ref: 009044AA
• GetWindowLongW.USER32 ref: 009044C7
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 009044D7
Strings
Similarity
• API ID: Window$Long
• String ID: SysTreeView32
• API String ID: 847901565-1698111956
• Opcode ID: 00b8d1ab016c203feb875c5c53acf85924496a1c5aa7bee7b747e48e277d487e
• Instruction ID: 761cce1fb724c2fd15ddf553d56e2a2abbf46b089aaeef1188967239a647bc3e
• Opcode Fuzzy Hash: 00b8d1ab016c203feb875c5c53acf85924496a1c5aa7bee7b747e48e277d487e
• Instruction Fuzzy Hash: B8318DB1214605AFDB209F38DC45BEA77A9EB49334F204715FA79D21E1D770EC509B50
APIs
• Part of subcall function 008F335B: WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,?,?,?,?,?,008F3077,?,?), ref: 008F3378
• inet_addr.WSOCK32(?,?,?,?,?,00000000), ref: 008F307A
• _wcslen.LIBCMT ref: 008F309B
• htons.WSOCK32(00000000,?,?,00000000), ref: 008F3106
Strings
Similarity
• API ID: ByteCharMultiWide_wcslenhtonsinet_addr
• String ID: 255.255.255.255
• API String ID: 946324512-2422070025
• Opcode ID: d7fe06ce0bff6245fd584995037be351edf1a5042181c093c979d2f76bd2f9d3
• Instruction ID: 3f8ff4216496782ad5b8886329ac2d4696cb47fed0f5521c1c983e8f3a06bc7c
• Opcode Fuzzy Hash: d7fe06ce0bff6245fd584995037be351edf1a5042181c093c979d2f76bd2f9d3
• Instruction Fuzzy Hash: 0A31AE356042099FCB20DF38C485ABA77A4FF54318F24805AEA15CB392DB72EE85CB61
APIs
• SendMessageW.USER32(00000000,00000469,?,00000000), ref: 00904705
• SendMessageW.USER32(00000000,00000465,00000000,80017FFF), ref: 00904713
• DestroyWindow.USER32(00000000,00000000,?,?,?,00000000,msctls_updown32,00000000,00000000,00000000,00000000,00000000,00000000,?,?,00000000), ref: 0090471A
Strings
Similarity
• API ID: MessageSend$DestroyWindow
• String ID: msctls_updown32
• API String ID: 4014797782-2298589950
• Opcode ID: 41bd48414ee16630d42fcaf263402e1478b5382364199b01eb1898af90546fd8
• Instruction ID: ce12dec462890360322d5572218e2b6808ed37e161fb3f4a6b2b838f7a8f7352
• Opcode Fuzzy Hash: 41bd48414ee16630d42fcaf263402e1478b5382364199b01eb1898af90546fd8
• Instruction Fuzzy Hash: 0A2160F5604209AFDB10DF68DCD1DA737ADEF9A3A4B040459FA00DB2A1DB71EC51DA60
APIs
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: #OnAutoItStartRegister$#notrayicon$#requireadmin
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 176396367-2734436370
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 5bd1762d2924b702ed0630e0aefa777de5fcd1dbbf262ca2a2faf03c0d390772
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: c15d3ce391d14654d1bb4522892fb3f0a4cbfa91bde0d76434f9307f7a63f203
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 5bd1762d2924b702ed0630e0aefa777de5fcd1dbbf262ca2a2faf03c0d390772
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 83213832204111A6C731BA28AC12FBB73A8FFA1314F144137F98AD7285EB55ED91C396
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000180,00000000,?), ref: 00903840
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000186,00000000,00000000), ref: 00903850
                                                                                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(00000000,?,?,?,?,00000000,?,?,Listbox,00000000,00000000,?,?,?,?,?), ref: 00903876
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSend$MoveWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID: Listbox
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3315199576-2633736733
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 11b4f10e3a97e2f3317a8af59969f9c574073b8413e909ee67819f04d0e2221d
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 73b154e726430067aed2c781e07f284a28499665f1844937a2add8eab783211b
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 11b4f10e3a97e2f3317a8af59969f9c574073b8413e909ee67819f04d0e2221d
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F6217C72614218AFEB218F64CC85EAB376EEF89754F10C124F9449B190CA71DC528BA0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000001), ref: 008E4A08
                                                                                                                                                                                                                                                                                                                                                                        • GetVolumeInformationW.KERNEL32(?,?,00007FFF,?,00000000,00000000,00000000,00000000), ref: 008E4A5C
                                                                                                                                                                                                                                                                                                                                                                        • SetErrorMode.KERNEL32(00000000,?,?,0090CC08), ref: 008E4AD0
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorMode$InformationVolume
                                                                                                                                                                                                                                                                                                                                                                        • String ID: %lu
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2507767853-685833217
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 73679fbd4375c22d6a9f26797184b006dae90439effe137f7c543c787d5a5ca3
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 1bd2a66d91f8889eb67517c0d776b707e1d11dadb606fe7abb376922612b2333
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 73679fbd4375c22d6a9f26797184b006dae90439effe137f7c543c787d5a5ca3
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 7F315E71A00118AFDB10DF58C885EAA7BF8FF49318F1480A5E909DB252D771ED45CB62
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(00000000,00000405,00000000,00000000), ref: 0090424F
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,00000406,00000000,00640000), ref: 00904264
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00904271
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: MessageSend
• String ID: msctls_trackbar32
• API String ID: 3850602802-1010561917
• Opcode ID: 15bba39933df04a678caea8925ae7c7ad0d2d3bf47dbf6caf216befad93a79d1
• Instruction ID: fa82bfd88afc50a192e8411306095604a7b255bf9070fa88896e29da57b1945d
• Opcode Fuzzy Hash: 15bba39933df04a678caea8925ae7c7ad0d2d3bf47dbf6caf216befad93a79d1
• Instruction Fuzzy Hash: D0110671344208BEEF205F68CC06FAB3BACEF95B54F010514FA55E20E0D671DC619B10
APIs
  • Part of subcall function 00876B57: _wcslen.LIBCMT ref: 00876B6A
  • Part of subcall function 008D2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 008D2DC5
  • Part of subcall function 008D2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 008D2DD6
  • Part of subcall function 008D2DA7: GetCurrentThreadId.KERNEL32 ref: 008D2DDD
  • Part of subcall function 008D2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 008D2DE4
• GetFocus.USER32 ref: 008D2F78
  • Part of subcall function 008D2DEE: GetParent.USER32(00000000), ref: 008D2DF9
• GetClassNameW.USER32(?,?,00000100), ref: 008D2FC3
• EnumChildWindows.USER32(?,008D303B), ref: 008D2FEB
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Thread$AttachChildClassCurrentEnumFocusInputMessageNameParentProcessSendTimeoutWindowWindows_wcslen
• String ID: %s%d
• API String ID: 1272988791-1110647743
• Opcode ID: 1f952a23189ff1612106c92128c88bdf60bd77340eed8196a8733512043f7ac8
• Instruction ID: c804257285ef4bef0caba932f8fa9ecedb38ccbf8d71ceb9580704082e248080
• Opcode Fuzzy Hash: 1f952a23189ff1612106c92128c88bdf60bd77340eed8196a8733512043f7ac8
• Instruction Fuzzy Hash: D711E7712002096BCF10BF748C85EED376AFF94318F048176F909EB292DE319E498B62
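The function above is worth reading as a sequence rather than as isolated API names: SendMessageTimeoutW with flags 2 (SMTO_ABORTIFHUNG) and a 0x1388 (5000 ms) timeout probes whether the target window is responsive, GetWindowThreadProcessId plus GetCurrentThreadId plus AttachThreadInput joins the caller's input queue to the target window's thread, and only then does GetFocus return the focused control of a window owned by another thread. That is the standard Win32 way to query focus across threads and is what the AutoIt runtime's control functions do under the hood, consistent with the "compiled AutoIt script" signature. The parser and pattern matcher below is an added example, not part of the Joe Sandbox report or of the sample; it reads the per-function "• Api.MODULE(args), ref: ADDR" lines in this listing format, groups them by function, decodes the two SendMessage* calls using constants from the Windows SDK headers (TBM_SETTICFREQ = WM_USER+20 in commctrl.h; SMTO_* in winuser.h), and flags the cross-thread focus sequence. The sample text is constructed from the API lines of the two functions above; the pattern names are this example's own.

```python
"""Parse per-function API lines from a Joe Sandbox function listing and flag
call sets worth a second look. Added example; not part of the report."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Set, Tuple

# Constructed sample: the API lines of the two functions listed above
# (trackbar setup at 00904271, cross-thread focus query at 008D2F78).
SAMPLE = """\
APIs
• SendMessageW.USER32(?,00000414,0000000A,00000000), ref: 00904271
APIs
  • Part of subcall function 00876B57: _wcslen.LIBCMT ref: 00876B6A
  • Part of subcall function 008D2DA7: SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 008D2DC5
  • Part of subcall function 008D2DA7: GetWindowThreadProcessId.USER32(?,00000000), ref: 008D2DD6
  • Part of subcall function 008D2DA7: GetCurrentThreadId.KERNEL32 ref: 008D2DDD
  • Part of subcall function 008D2DA7: AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 008D2DE4
• GetFocus.USER32 ref: 008D2F78
  • Part of subcall function 008D2DEE: GetParent.USER32(00000000), ref: 008D2DF9
• GetClassNameW.USER32(?,?,00000100), ref: 008D2FC3
• EnumChildWindows.USER32(?,008D303B), ref: 008D2FEB
"""

# One bullet line, optionally prefixed with "Part of subcall function X:".
# The argument list and the comma before "ref:" are both optional
# ("GetCurrentThreadId.KERNEL32 ref: 008D2DDD" has neither).
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)(?:\((?P<args>[^)]*)\))?\s*,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)"
)


@dataclass
class Call:
    api: str
    module: str
    args: Tuple[Optional[int], ...]  # ints for hex literals, None for "?"
    ref: int                         # address of the call site
    subcall: Optional[int]           # callee address when reached via a subcall


@dataclass
class Function:
    calls: List[Call] = field(default_factory=list)

    def apis(self) -> Set[str]:
        return {c.api for c in self.calls}


def parse_args(text: Optional[str]) -> Tuple[Optional[int], ...]:
    if not text:
        return ()
    return tuple(None if a.strip() == "?" else int(a, 16) for a in text.split(","))


def parse_functions(report_text: str) -> List[Function]:
    """Start a new function at every 'APIs' header; attach the bullet lines beneath it."""
    functions: List[Function] = []
    current: Optional[Function] = None
    for line in report_text.splitlines():
        if line.strip() == "APIs":
            current = Function()
            functions.append(current)
            continue
        m = API_LINE.match(line)
        if m and current is not None:
            current.calls.append(Call(
                api=m["api"], module=m["mod"], args=parse_args(m["args"]),
                ref=int(m["ref"], 16),
                subcall=int(m["sub"], 16) if m["sub"] else None))
    return functions


# API sets that together identify a behaviour; every name must appear in the
# function, directly or through a subcall. Pattern names are this example's own.
PATTERNS = {
    "cross-thread focus query": frozenset(
        {"GetWindowThreadProcessId", "GetCurrentThreadId", "AttachThreadInput", "GetFocus"}),
    "child window enumeration": frozenset({"EnumChildWindows", "GetClassNameW"}),
}


def match_patterns(fn: Function) -> List[str]:
    return [name for name, apis in PATTERNS.items() if apis <= fn.apis()]


# Message and flag constants from the Windows SDK (winuser.h / commctrl.h).
WM_USER = 0x400
TRACKBAR_MSGS = {WM_USER + 20: "TBM_SETTICFREQ"}
SMTO_FLAGS = {0: "SMTO_NORMAL", 1: "SMTO_BLOCK", 2: "SMTO_ABORTIFHUNG"}


def describe_send_message(call: Call) -> str:
    """Decode msg/wParam of a trackbar SendMessageW, or flags/timeout of SendMessageTimeoutW."""
    if call.api == "SendMessageW" and len(call.args) >= 3:
        msg, wparam = call.args[1], call.args[2]
        if msg is None:
            return "msg unresolved"
        return f"{TRACKBAR_MSGS.get(msg, hex(msg))} wParam={wparam}"
    if call.api == "SendMessageTimeoutW" and len(call.args) >= 6:
        flags, timeout = call.args[4], call.args[5]
        if flags is None or timeout is None:
            return "flags/timeout unresolved"
        return f"flags={SMTO_FLAGS.get(flags, hex(flags))} timeout={timeout}ms"
    return ""


if __name__ == "__main__":
    for i, fn in enumerate(parse_functions(SAMPLE)):
        print(f"function {i}: {sorted(fn.apis())}")
        for name in match_patterns(fn):
            print("  pattern:", name)
        for c in fn.calls:
            if (d := describe_send_message(c)):
                print(f"  {c.api} @ {c.ref:08X}: {d}")
```

Running it on the constructed sample reports the trackbar call as TBM_SETTICFREQ with wParam 10, the timeout probe as SMTO_ABORTIFHUNG with a 5000 ms timeout, and flags the second function for both patterns; the first function matches neither. Applied to the whole listing, the same grouping makes it easy to separate GUI plumbing like the trackbar and menu calls from the focus-grabbing and window-walking functions that the report's keystroke and clipboard signatures point at.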
APIs
• GetMenuItemInfoW.USER32(?,?,?,00000030), ref: 009058C1
• SetMenuItemInfoW.USER32(?,?,?,00000030), ref: 009058EE
• DrawMenuBar.USER32(?), ref: 009058FD
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Menu$InfoItem$Draw
• String ID: 0
• API String ID: 3227129158-4108050209
• Opcode ID: 521c2909b59014515dd84b365e63d3c149c8a985f4007b5003b94d89724a37ee
• Instruction ID: 9d8ed282755de70090512742372b13b70bef5d4d83b95ae9c563d368eece90be
• Opcode Fuzzy Hash: 521c2909b59014515dd84b365e63d3c149c8a985f4007b5003b94d89724a37ee
• Instruction Fuzzy Hash: 7B01CC31504208EFDB209F11DC44BAFBBB8FF45361F0080A9F848DA1A2DB308A90EF21
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 4f623563c765145a8fed0678f93fcd52fe093a7fc500ff33fffa241233699583
• Instruction ID: 8e48b980c4928fefa4e012882dbe60b82843236cefd951b64739797f2e2d66ff
• Opcode Fuzzy Hash: 4f623563c765145a8fed0678f93fcd52fe093a7fc500ff33fffa241233699583
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 78C13875A0020AAFDB14DFA8C894BAEB7B5FF48704F208699E505EB351D731EE41CB90
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: __alldvrm$_strrchr
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1036877536-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 1890be23fda00b4ada303aa0a5f11a80cf7bffa21a93f634c88fb73c09f78a28
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 190bec492484a18a97fe5f025dcdb3e473ceac46589bc02d4dbe4f94f5be8f6e
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 40A14571E107869FFF21CE18C8917AABBE4FFA3350F18416DE585DB682C6B88981C751
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Variant$ClearInitInitializeUninitialize
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1998397398-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: d753ea5d8395da41184146556a55c5372a9adef3943dbd8b8e0e684547ff089a
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 3a10f7460faebc6e661040194f18b7e4be64b11a012fc40fe0e91d6d93579491
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: d753ea5d8395da41184146556a55c5372a9adef3943dbd8b8e0e684547ff089a
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 88A13B756042049FCB10EF28C485A2AB7E5FF89714F148959FA8ADB366DB30EE41CB52
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0090FC08,?), ref: 008D05F0
                                                                                                                                                                                                                                                                                                                                                                        • CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0090FC08,?), ref: 008D0608
                                                                                                                                                                                                                                                                                                                                                                        • CLSIDFromProgID.OLE32(?,?,00000000,0090CC40,000000FF,?,00000000,00000800,00000000,?,0090FC08,?), ref: 008D062D
                                                                                                                                                                                                                                                                                                                                                                        • _memcmp.LIBVCRUNTIME ref: 008D064E
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: FromProg$FreeTask_memcmp
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 314563124-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 637a9d169c95eacc21f8653d2e86984e9c48fc3cf2feca1dc94b923543d25ea7
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 583ff575123f2082f131e7d7debae0002f159b653a33a9a0d7dd824e27830e12
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 637a9d169c95eacc21f8653d2e86984e9c48fc3cf2feca1dc94b923543d25ea7
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 9681E671A00209AFCB04DF94C984EEEB7B9FF89315F204599E506EB250DB71AE06CF61
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • CreateToolhelp32Snapshot.KERNEL32 ref: 008FA6AC
                                                                                                                                                                                                                                                                                                                                                                        • Process32FirstW.KERNEL32(00000000,?), ref: 008FA6BA
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00879CB3: _wcslen.LIBCMT ref: 00879CBD
                                                                                                                                                                                                                                                                                                                                                                        • Process32NextW.KERNEL32(00000000,?), ref: 008FA79C
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000), ref: 008FA7AB
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 0088CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,008B3303,?), ref: 0088CE8A
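The two API listings above (the ProgIDFromCLSID/CLSIDFromProgID/_memcmp record, and the CreateToolhelp32Snapshot/Process32FirstW/Process32NextW/CompareStringW record, where the string compare is reached through a sub-call) are the raw material a triage analyst turns into indicators: a Toolhelp32 snapshot walked with Process32First/Next and a name compare on each entry is the usual way a sample looks for analysis tools or AV processes by name, and a ProgID-to-CLSID round trip checked with _memcmp is how a COM object name is validated before it is instantiated. The following is an added example, not Joe Sandbox code and not the sample's own code: it parses API lines in the report's own format (bullet, `Name.MODULE(args), ref: address`, with the optional `Part of subcall function` prefix), groups them per function record, and flags records that contain a chain of interest. The sample text is constructed from the two records shown on this page; the chain definitions, and the extra comparator names in them, are the author's own choice rather than a Joe Sandbox signature definition.

```python
"""Parse Joe Sandbox 'APIs' listings and flag API chains of interest.

Added example, not Joe Sandbox code. SAMPLE is constructed from the two
function records shown on this page; CHAINS is the author's own set of
indicators, not a Joe Sandbox signature definition.
"""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

SAMPLE = """\
APIs
• ProgIDFromCLSID.OLE32(?,00000000,?,00000000,00000800,00000000,?,0090FC08,?), ref: 008D05F0
• CoTaskMemFree.OLE32(00000000,00000000,?,00000000,00000800,00000000,?,0090FC08,?), ref: 008D0608
• CLSIDFromProgID.OLE32(?,?,00000000,0090CC40,000000FF,?,00000000,00000800,00000000,?,0090FC08,?), ref: 008D062D
• _memcmp.LIBVCRUNTIME ref: 008D064E
Memory Dump Source
APIs
• CreateToolhelp32Snapshot.KERNEL32 ref: 008FA6AC
• Process32FirstW.KERNEL32(00000000,?), ref: 008FA6BA
  • Part of subcall function 00879CB3: _wcslen.LIBCMT ref: 00879CBD
• Process32NextW.KERNEL32(00000000,?), ref: 008FA79C
• CloseHandle.KERNEL32(00000000), ref: 008FA7AB
  • Part of subcall function 0088CE60: CompareStringW.KERNEL32(00000409,00000001,?,00000000,00000000,?,?,00000000,?,008B3303,?), ref: 0088CE8A
Memory Dump Source
"""

# One API line in the report's format, e.g.
#   • Process32FirstW.KERNEL32(00000000,?), ref: 008FA6BA
#   • _memcmp.LIBVCRUNTIME ref: 008D064E
#   • Part of subcall function 00879CB3: _wcslen.LIBCMT ref: 00879CBD
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function\s+(?P<sub>[0-9A-Fa-f]+):\s*)?"
    r"(?P<name>\w+)\.(?P<module>\w+)(?:\((?P<args>.*)\))?,?\s*ref:\s*(?P<ref>[0-9A-Fa-f]+)\s*$"
)


@dataclass
class ApiCall:
    name: str
    module: str
    args: List[str]
    ref: str                    # address of the call site
    subcall_of: Optional[str]   # function that actually makes the call, if via a sub-call


def parse_records(text: str) -> List[List[ApiCall]]:
    """Split a report fragment into per-function API lists.

    Each 'APIs' header opens a record; the bullet lines after it are the
    record's calls, and the first non-bullet line (e.g. 'Memory Dump Source')
    closes it. Calls reached through a sub-function are kept, since the report
    attributes them to the calling function's behaviour.
    """
    records: List[List[ApiCall]] = []
    current: Optional[List[ApiCall]] = None
    for line in text.splitlines():
        if line.strip() == "APIs":
            current = []
            records.append(current)
            continue
        m = API_LINE.match(line)
        if m and current is not None:
            args = [a.strip() for a in m["args"].split(",")] if m["args"] else []
            current.append(ApiCall(m["name"], m["module"], args, m["ref"].upper(), m["sub"]))
        elif current is not None and line.strip():
            current = None  # record closed by the next section header
    return records


# Every API in `required` must appear in one function record; if `any_of` is
# non-empty, at least one of those must appear as well. The comparator names
# beyond CompareStringW are the author's assumption of common alternatives.
CHAINS: Dict[str, Tuple[Set[str], Set[str]]] = {
    "COM ProgID/CLSID round-trip": (
        {"ProgIDFromCLSID", "CLSIDFromProgID"}, set()),
    "process enumeration with name compare (sandbox/AV tool detection)": (
        {"CreateToolhelp32Snapshot", "Process32FirstW", "Process32NextW"},
        {"CompareStringW", "CompareStringA", "_wcsicmp", "lstrcmpiW"}),
}


def match_chains(calls: List[ApiCall]) -> List[str]:
    """Return the labels of every chain fully present in one record."""
    names = {c.name for c in calls}
    return [label for label, (required, any_of) in CHAINS.items()
            if required <= names and (not any_of or any_of & names)]


def scan(text: str) -> List[Tuple[str, str]]:
    """Return (chain label, address of the record's first call) for each hit."""
    findings: List[Tuple[str, str]] = []
    for calls in parse_records(text):
        for label in match_chains(calls):
            findings.append((label, calls[0].ref))
    return findings


if __name__ == "__main__":
    for label, ref in scan(SAMPLE):
        print(f"{ref}: {label}")
```

The first call's address gives a place to start in the disassembly; the real payoff of the Toolhelp32 record is the `?` argument that Process32FirstW and Process32NextW share, which is the PROCESSENTRY32W buffer whose szExeFile member feeds CompareStringW, so the strings compared against it are where to look for the process names the sample is hunting for.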
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Process32$CloseCompareCreateFirstHandleNextSnapshotStringToolhelp32_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1991900642-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: ffdf0b05a8bc0fe7a8e5fecfa6d3f4a9b3e03e013fcb7790f07c9e799e207ac0
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 03b318c2a0c3329e6d992863c85e0fb491820def8feec44acd78b58722de2ac9
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ffdf0b05a8bc0fe7a8e5fecfa6d3f4a9b3e03e013fcb7790f07c9e799e207ac0
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: D3510AB15083049FD714EF28C886A6BBBE8FF89754F00892DF599D7252EB70D905CB92
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _free
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 269201875-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 46bde339a6c2a5febc51d81821f9115db9d6b724344b775f4ecd94699a410e3f
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: f17e041e64c7fb571aafce698403f59beb269cfed157c641b88232b3a64612c3
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 46bde339a6c2a5febc51d81821f9115db9d6b724344b775f4ecd94699a410e3f
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F6417B31600105ABEF257BFC8C5ABEE3AA6FF46370F684225F518DA392EA7448415267
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 009062E2
                                                                                                                                                                                                                                                                                                                                                                        • ScreenToClient.USER32(?,?), ref: 00906315
                                                                                                                                                                                                                                                                                                                                                                        • MoveWindow.USER32(?,?,?,?,000000FF,00000001,?,?,?,?,?), ref: 00906382
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$ClientMoveRectScreen
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3880355969-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 9b82a3ff2c1492956d4207723f873ef544b50103114fd9cadf99ba13b1a458b6
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: e8864f3d0f237c0b2329ec3956aedd953d44028613446e118fcb700446cdd489
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9b82a3ff2c1492956d4207723f873ef544b50103114fd9cadf99ba13b1a458b6
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3D510B74900209EFDB24DF58D881AAE7BB9FB45360F108269F865972E0D730ED91DB90
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • socket.WSOCK32(00000002,00000002,00000011), ref: 008F1AFD
                                                                                                                                                                                                                                                                                                                                                                        • WSAGetLastError.WSOCK32 ref: 008F1B0B
                                                                                                                                                                                                                                                                                                                                                                        • #21.WSOCK32(?,0000FFFF,00000020,00000002,00000004), ref: 008F1B8A
                                                                                                                                                                                                                                                                                                                                                                        • WSAGetLastError.WSOCK32 ref: 008F1B94
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ErrorLast$socket
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1881357543-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 7d053bfdb2c41d29d369c86924d1e30fc3127d3a7b59607743759fc2b3efb11f
• Instruction ID: 0e0f3672e8ded3fd0d03d83a670e83154968420a634eaeccbcd9d7f94b369fef
• Opcode Fuzzy Hash: 7d053bfdb2c41d29d369c86924d1e30fc3127d3a7b59607743759fc2b3efb11f
• Instruction Fuzzy Hash: 2D416D74640204AFEB20AF28C88AF2977A5FB44718F54C558FA1ADF393E672DD418B91
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 41f92c3ceafb853ce0ef78a0c37a34fafe38c6f9e86a0876b011edc014d3c351
• Instruction ID: b87084ac4ec94ec516bd0a6fe3ffd1b52844e21d299a5f1764365c5f610d55d7
• Opcode Fuzzy Hash: 41f92c3ceafb853ce0ef78a0c37a34fafe38c6f9e86a0876b011edc014d3c351
• Instruction Fuzzy Hash: 2B410671A00708AFE724AF7CCC41BAABBE9FB89710F10452EF541DBA83D771A9018781
APIs
• CreateHardLinkW.KERNEL32(00000002,?,00000000), ref: 008E5783
• GetLastError.KERNEL32(?,00000000), ref: 008E57A9
• DeleteFileW.KERNEL32(00000002,?,00000000), ref: 008E57CE
• CreateHardLinkW.KERNEL32(00000002,?,00000000,?,00000000), ref: 008E57FA
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: CreateHardLink$DeleteErrorFileLast
• String ID:
• API String ID: 3321077145-0
• Opcode ID: 7bafdb0957d4873067c6c365beedba4686ebfc37e332f67365e67cd657486210
• Instruction ID: 04c5226e7384647efaf0374b27550396e1b2eb71f105d20552537155f4a00b8e
• Opcode Fuzzy Hash: 7bafdb0957d4873067c6c365beedba4686ebfc37e332f67365e67cd657486210
• Instruction Fuzzy Hash: C1412F35600610DFCB11EF19C544A5EBBE2FF89724B19C498E85A9B366CB34FD40DB92
APIs
• MultiByteToWideChar.KERNEL32(?,00000000,8BE85006,00896D71,00000000,00000000,008982D9,?,008982D9,?,00000001,00896D71,8BE85006,00000001,008982D9,008982D9), ref: 008AD910
• MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 008AD999
• GetStringTypeW.KERNEL32(?,00000000,00000000,?), ref: 008AD9AB
• __freea.LIBCMT ref: 008AD9B4
  • Part of subcall function 008A3820: RtlAllocateHeap.NTDLL(00000000,?,00941444,?,0088FDF5,?,?,0087A976,00000010,00941440,008713FC,?,008713C6,?,00871129), ref: 008A3852
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: ByteCharMultiWide$AllocateHeapStringType__freea
• String ID:
• API String ID: 2652629310-0
• Opcode ID: 09d2a4697e812292e343647b685bc465f5bb07474c5432f907bb8a0c546f560c
• Instruction ID: 47471174428dc29b86c52982b2af7cc77ed1a3ced6c6a114955b53e5b4951430
• Opcode Fuzzy Hash: 09d2a4697e812292e343647b685bc465f5bb07474c5432f907bb8a0c546f560c
• Instruction Fuzzy Hash: AE31CE72A0020AAFEF249F68DC45EAF7BA5FB42310B090268FC05DA650EB35CD55CB90
APIs
• SendMessageW.USER32(?,00001024,00000000,?), ref: 00905352
• GetWindowLongW.USER32(?,000000F0), ref: 00905375
• SetWindowLongW.USER32(?,000000F0,00000000), ref: 00905382
• InvalidateRect.USER32(?,00000000,00000001,?,?,?), ref: 009053A8
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: LongWindow$InvalidateMessageRectSend
• String ID:
• API String ID: 3340791633-0
• Opcode ID: bb66a15d1720703f10f415dff2f32116278e2865c35ad115b170733a0a82c379
• Instruction ID: cbae690af0fed231b4abdc289ac9f4f8978b51f499c47fd1f8245ddede87144c
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bb66a15d1720703f10f415dff2f32116278e2865c35ad115b170733a0a82c379
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3531C374A59A08EFEB349F14CC06FEA77A9EB053D0F594501FA10961E1C7B5AD80EF42
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetKeyboardState.USER32(?,7608C0D0,?,00008000), ref: 008DABF1
                                                                                                                                                                                                                                                                                                                                                                        • SetKeyboardState.USER32(00000080,?,00008000), ref: 008DAC0D
                                                                                                                                                                                                                                                                                                                                                                        • PostMessageW.USER32(00000000,00000101,00000000), ref: 008DAC74
                                                                                                                                                                                                                                                                                                                                                                        • SendInput.USER32(00000001,?,0000001C,7608C0D0,?,00008000), ref: 008DACC6
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: KeyboardState$InputMessagePostSend
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 432972143-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 4df55491bf73654bfabe200acbdd5adcc4586bc28a356f816894ce05a4509fec
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: c1cdd3c461fdf72476a6a072d48f7b1300be1dc0f5903259a87b11cb17ed3a79
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4df55491bf73654bfabe200acbdd5adcc4586bc28a356f816894ce05a4509fec
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4B31F470A64618AFEB398B65CC047FA7BA5FB89330F28431BE485D23D1C37589859753
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • ClientToScreen.USER32(?,?), ref: 0090769A
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(?,?), ref: 00907710
                                                                                                                                                                                                                                                                                                                                                                        • PtInRect.USER32(?,?,00908B89), ref: 00907720
                                                                                                                                                                                                                                                                                                                                                                        • MessageBeep.USER32(00000000), ref: 0090778C
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Rect$BeepClientMessageScreenWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1352109105-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 44245a22d44858712436497e100a37157727c52d9408648b9171c03439d70a24
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 5ee1b9ee9ed360ca0e6adca4065a7da338bdf7959ba23ebd7f9362a3a11e8362
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 44245a22d44858712436497e100a37157727c52d9408648b9171c03439d70a24
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: F541AF39A09215DFCB15CF98D894EA9B7F5FB49360F1441A8E414DB2A1C371B981DF90
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetForegroundWindow.USER32 ref: 009016EB
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008D3A3D: GetWindowThreadProcessId.USER32(?,00000000), ref: 008D3A57
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008D3A3D: GetCurrentThreadId.KERNEL32 ref: 008D3A5E
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008D3A3D: AttachThreadInput.USER32(00000000,?,00000000,00000000,?,008D25B3), ref: 008D3A65
                                                                                                                                                                                                                                                                                                                                                                        • GetCaretPos.USER32(?), ref: 009016FF
                                                                                                                                                                                                                                                                                                                                                                        • ClientToScreen.USER32(00000000,?), ref: 0090174C
                                                                                                                                                                                                                                                                                                                                                                        • GetForegroundWindow.USER32 ref: 00901752
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ThreadWindow$Foreground$AttachCaretClientCurrentInputProcessScreen
• String ID:
• API String ID: 2759813231-0
• Opcode ID: f9a41e9bb7ce712d31ba4d1f329d9a6bbe6d1ec782ad412a3a8963fac1b59ef2
• Instruction ID: 2f3fa609528da9d90ed4c90e2b6e15956ec6b8e51081464197db623ed97bf047
• Opcode Fuzzy Hash: f9a41e9bb7ce712d31ba4d1f329d9a6bbe6d1ec782ad412a3a8963fac1b59ef2
• Instruction Fuzzy Hash: 04311D75D00549AFC704EFA9C881CAEBBF9FF49304B5480AAE415E7251EB31DE45CBA1
APIs
  • Part of subcall function 00889BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00889BB2
• GetCursorPos.USER32(?), ref: 00909001
• TrackPopupMenuEx.USER32(?,00000000,?,?,?,00000000,?,008C7711,?,?,?,?,?), ref: 00909016
• GetCursorPos.USER32(?), ref: 0090905E
• DefDlgProcW.USER32(?,0000007B,?,?,?,?,?,?,?,?,?,?,008C7711,?,?,?), ref: 00909094
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Cursor$LongMenuPopupProcTrackWindow
• String ID:
• API String ID: 2864067406-0
• Opcode ID: ba21d8ba84eb99b686429348f5795afa02c17e91bf9be0c0c6e72891ef4ccc30
• Instruction ID: 1ff2f7ca1b29c48791c0b32868c76bf2b85d619d326160caa591fd3911cbd444
• Opcode Fuzzy Hash: ba21d8ba84eb99b686429348f5795afa02c17e91bf9be0c0c6e72891ef4ccc30
• Instruction Fuzzy Hash: EA21A136611018EFDB258F94DC58EFB7BB9FF4A360F044155F945872A2C3319990EB60
APIs
• GetFileAttributesW.KERNEL32(?,0090CB68), ref: 008DD2FB
• GetLastError.KERNEL32 ref: 008DD30A
• CreateDirectoryW.KERNEL32(?,00000000), ref: 008DD319
• CreateDirectoryW.KERNEL32(?,00000000,00000000,000000FF,0090CB68), ref: 008DD376
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: CreateDirectory$AttributesErrorFileLast
• String ID:
• API String ID: 2267087916-0
• Opcode ID: 50b1869bede77c71e718fd531b38a10a7f450f678d3e084b17b8a5cc2dc65031
• Instruction ID: 3ca9531f21be58113d7d9d217c50f51ffc4f58b317381860c9459ee0f654366c
• Opcode Fuzzy Hash: 50b1869bede77c71e718fd531b38a10a7f450f678d3e084b17b8a5cc2dc65031
• Instruction Fuzzy Hash: 78212C705093019FC714DF28C88186A77E4FE56768F508B1AF499C73A1E731D946DB93
APIs
  • Part of subcall function 008D1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),?,00000000,?), ref: 008D102A
  • Part of subcall function 008D1014: GetLastError.KERNEL32(?,TokenIntegrityLevel,?,00000000,?), ref: 008D1036
  • Part of subcall function 008D1014: GetProcessHeap.KERNEL32(00000008,?,?,TokenIntegrityLevel,?,00000000,?), ref: 008D1045
  • Part of subcall function 008D1014: HeapAlloc.KERNEL32(00000000,?,TokenIntegrityLevel,?,00000000,?), ref: 008D104C
  • Part of subcall function 008D1014: GetTokenInformation.ADVAPI32(?,00000003(TokenIntegrityLevel),00000000,?,?,?,TokenIntegrityLevel,?,00000000,?), ref: 008D1062
• LookupPrivilegeValueW.ADVAPI32(00000000,?,?), ref: 008D15BE
• _memcmp.LIBVCRUNTIME ref: 008D15E1
• GetProcessHeap.KERNEL32(00000000,00000000), ref: 008D1617
• HeapFree.KERNEL32(00000000), ref: 008D161E
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Heap$InformationProcessToken$AllocErrorFreeLastLookupPrivilegeValue_memcmp
• String ID:
• API String ID: 1592001646-0
• Opcode ID: dadfab4f8760eabbd4e40fa46fa827deb56121b2da6e7980f98d96d0ee483c32
• Instruction ID: c46073d6ea24c0d20f045cd681c87d1637e08cc618f6be8c97b561c544ce8ada
• Opcode Fuzzy Hash: dadfab4f8760eabbd4e40fa46fa827deb56121b2da6e7980f98d96d0ee483c32
• Instruction Fuzzy Hash: FE215571E00109AFDF00DFA4D949BEEB7B8FF54344F08465AE441EB241E734AA45DBA0
APIs
• GetWindowLongW.USER32(?,000000EC), ref: 0090280A
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00902824
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00902832
• SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00902840
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Window$Long$AttributesLayered
• String ID:
• API String ID: 2169480361-0
• Opcode ID: 0e013583a9800f07fbd477a63d1cabe0a3cacae9e3c991bccab3c53c8367cd2e
• Instruction ID: a00bd008258371af598e35c890d22e279528c226f5a404631c88c960721fd65d
• Opcode Fuzzy Hash: 0e013583a9800f07fbd477a63d1cabe0a3cacae9e3c991bccab3c53c8367cd2e
• Instruction Fuzzy Hash: 3421B635208511AFD7149B24CC49F6A7799EF86324F248258F816CB6D2CB75FC42C791
APIs
  • Part of subcall function 008D8D7D: lstrlenW.KERNEL32(?,00000002,000000FF,?,?,?,008D790A,?,000000FF,?,008D8754,00000000,?,0000001C,?,?), ref: 008D8D8C
  • Part of subcall function 008D8D7D: lstrcpyW.KERNEL32(00000000,?,?,008D790A,?,000000FF,?,008D8754,00000000,?,0000001C,?,?,00000000), ref: 008D8DB2
  • Part of subcall function 008D8D7D: lstrcmpiW.KERNEL32(00000000,?,008D790A,?,000000FF,?,008D8754,00000000,?,0000001C,?,?), ref: 008D8DE3
• lstrlenW.KERNEL32(?,00000002,000000FF,?,000000FF,?,008D8754,00000000,?,0000001C,?,?,00000000), ref: 008D7923
• lstrcpyW.KERNEL32(00000000,?,?,008D8754,00000000,?,0000001C,?,?,00000000), ref: 008D7949
• lstrcmpiW.KERNEL32(00000002,cdecl,?,008D8754,00000000,?,0000001C,?,?,00000000), ref: 008D7984
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: lstrcmpilstrcpylstrlen
• String ID: cdecl
• API String ID: 4031866154-3896280584
• Opcode ID: ef6d288ed998d39477b8ca671c406312d4ba25385fcf533f360aa52dc8434a1c
• Instruction ID: 9581619fdfe90c8254fd379d2919248cbbb6916a2e446d4f83abfde21cf4350c
• Opcode Fuzzy Hash: ef6d288ed998d39477b8ca671c406312d4ba25385fcf533f360aa52dc8434a1c
• Instruction Fuzzy Hash: 9211E43A204201BFCB155F39C855D7A77A5FF85350B00412BF902CB3A4FB359811D761
APIs
• GetWindowLongW.USER32(?,000000F0), ref: 00907D0B
• SetWindowLongW.USER32(00000000,000000F0,?), ref: 00907D2A
• SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00907D42
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,008EB7AD,00000000), ref: 00907D6B
  • Part of subcall function 00889BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00889BB2
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Window$Long
• String ID:
• API String ID: 847901565-0
• Opcode ID: 4c46ac3d7a9fb601efafd707d03e87d4170fcad3f09d6155fd44dfc5971bfcbe
• Instruction ID: 2c19d35af1d550384f1b0a49e39142d45cce00656a9f34c43c29ed7b0d9a43c2
• Opcode Fuzzy Hash: 4c46ac3d7a9fb601efafd707d03e87d4170fcad3f09d6155fd44dfc5971bfcbe
• Instruction Fuzzy Hash: C511D235A19625AFCB109F68DC04E667BA9AF46370B154724F835C72F0E730E990DB50
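Added example, not part of the Joe Sandbox report and not code from the analysed sample: a parser for the "APIs" blocks in this listing format, with two checks a reviewer would want automated. The first flags the sequence in the function at 0090280A, a SetWindowLongW write to GWL_EXSTYLE followed by SetLayeredWindowAttributes with LWA_ALPHA, which is how a window is made transparent (consistent with a compiled AutoIt script's WinSetTrans, matching the "likely a compiled AutoIt script" signature above). The second summarises GWL_STYLE/GWL_EXSTYLE writes such as those at 00907D2A and 00907D42. Two assumptions are not stated by the report: that the listing renders negative GWL_* indices by their low byte (000000EC for GWL_EXSTYLE == -20, 000000F0 for GWL_STYLE == -16, 000000EB for GWL_USERDATA == -21), and that the argument values are a static rendering and may be approximate. SAMPLE_REPORT is constructed from the lines above, not pasted from the live report.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Windows SDK constants (winuser.h)
GWL_STYLE, GWL_EXSTYLE, GWL_USERDATA = -16, -20, -21
LWA_COLORKEY, LWA_ALPHA = 0x1, 0x2
GWL_NAMES = {GWL_STYLE: "GWL_STYLE", GWL_EXSTYLE: "GWL_EXSTYLE", GWL_USERDATA: "GWL_USERDATA"}

# One line of an "APIs" block. Handles the three shapes seen in the listing:
#   • SetWindowLongW.USER32(?,000000EC,00000000), ref: 00902824
#   • _wcslen.LIBCMT ref: 009056CD
#     • Part of subcall function 00889BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00889BB2
API_LINE = re.compile(
    r"^\s*•\s*(?:Part of subcall function (?P<subfn>[0-9A-F]{8}):\s*)?"
    r"(?P<api>\w+)\.(?P<mod>\w+)"
    r"(?:\((?P<args>[^)]*)\))?,?\s*ref:\s*(?P<ref>[0-9A-F]{8})\s*$"
)

@dataclass
class ApiCall:
    api: str
    module: str
    args: list                       # int for 8-hex-digit values, None for '?', str otherwise
    ref: str
    subcall_of: Optional[str] = None # set for "Part of subcall function" lines

@dataclass
class FunctionBlock:
    calls: List[ApiCall] = field(default_factory=list)

def decode_arg(tok: str):
    tok = tok.strip()
    if tok == "?":
        return None
    if re.fullmatch(r"[0-9A-F]{8}", tok):
        return int(tok, 16)
    return tok                       # e.g. the literal 'cdecl' in the lstrcmpiW call

def gwl_index(value) -> Optional[int]:
    """Map a listed nIndex argument to a GWL_* constant.
    Assumption: the report shows negative indices by their low byte (000000EC == -20)."""
    if not isinstance(value, int) or value > 0xFF:
        return None
    signed = value - 0x100 if value >= 0x80 else value
    return signed if signed in GWL_NAMES else None

def parse_blocks(text: str) -> List[FunctionBlock]:
    """Split the listing into one FunctionBlock per 'APIs' ... 'Memory Dump Source' section."""
    blocks, current = [], None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped == "APIs":
            current = FunctionBlock()
            blocks.append(current)
            continue
        if stripped == "Memory Dump Source":
            current = None
            continue
        m = API_LINE.match(line)
        if m and current is not None:
            args = [decode_arg(a) for a in m.group("args").split(",")] if m.group("args") else []
            current.calls.append(ApiCall(m.group("api"), m.group("mod"), args, m.group("ref"), m.group("subfn")))
    return blocks

def window_long_writes(block: FunctionBlock):
    """(ref, GWL name) for every direct SetWindowLongW whose index decodes to a known GWL_* value."""
    out = []
    for c in block.calls:
        if c.subcall_of is None and c.api == "SetWindowLongW" and len(c.args) >= 2:
            idx = gwl_index(c.args[1])
            if idx is not None:
                out.append((c.ref, GWL_NAMES[idx]))
    return out

def find_layered_window_sequence(block: FunctionBlock) -> Optional[str]:
    """ref of a SetLayeredWindowAttributes(..., dwFlags & LWA_ALPHA) that follows a
    SetWindowLongW(GWL_EXSTYLE, ...) in the same function; None if the pattern is absent."""
    saw_exstyle_write = False
    for c in block.calls:
        if c.subcall_of is not None:
            continue
        if c.api == "SetWindowLongW" and len(c.args) >= 2 and gwl_index(c.args[1]) == GWL_EXSTYLE:
            saw_exstyle_write = True
        elif c.api == "SetLayeredWindowAttributes" and saw_exstyle_write and len(c.args) >= 4:
            if isinstance(c.args[3], int) and c.args[3] & LWA_ALPHA:
                return c.ref
    return None

def scan(text: str):
    """Run both checks over every function block in the listing."""
    return [{"block": i,
             "gwl_writes": window_long_writes(b),
             "layered_alpha_ref": find_layered_window_sequence(b)}
            for i, b in enumerate(parse_blocks(text))]

# Constructed input, transcribed from the listing above (three of its function blocks).
SAMPLE_REPORT = """\
APIs
• GetWindowLongW.USER32(?,000000EC), ref: 0090280A
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00902824
• SetWindowLongW.USER32(?,000000EC,00000000), ref: 00902832
• SetLayeredWindowAttributes.USER32(?,00000000,?,00000002), ref: 00902840
Memory Dump Source
APIs
• GetWindowLongW.USER32(?,000000F0), ref: 00907D0B
• SetWindowLongW.USER32(00000000,000000F0,?), ref: 00907D2A
• SetWindowLongW.USER32(00000000,000000EC,000000FF), ref: 00907D42
• SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,?,?,?,?,?,?,?,?,008EB7AD,00000000), ref: 00907D6B
  • Part of subcall function 00889BA1: GetWindowLongW.USER32(00000000,000000EB), ref: 00889BB2
Memory Dump Source
APIs
• SendMessageW.USER32(?,00001060,?,00000004), ref: 009056BB
• _wcslen.LIBCMT ref: 009056CD
Memory Dump Source
"""

if __name__ == "__main__":
    for r in scan(SAMPLE_REPORT):
        print(r)
```

Subcall lines are parsed but excluded from both checks, so a GWL write inside a callee is not attributed to the caller; drop the `subcall_of` filter if you want the transitive view. The low-byte decoding is deliberately narrow: any listed value above 0xFF (for example the 00001060 message ID) is left undecoded rather than guessed.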
APIs
• SendMessageW.USER32(?,00001060,?,00000004), ref: 009056BB
• _wcslen.LIBCMT ref: 009056CD
• _wcslen.LIBCMT ref: 009056D8
• SendMessageW.USER32(?,00001002,00000000,?), ref: 00905816
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: MessageSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 455545452-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: ccb1396d955a644f3d19bc4150f4476720fc2ae8cd0a8cbf9f576820fd3235c3
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 20ec4ae7edbc48556b3d10ff18331620e77075390eb5241a7c91528856aad743
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ccb1396d955a644f3d19bc4150f4476720fc2ae8cd0a8cbf9f576820fd3235c3
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 5111DC75A00608AEDF209BA5CC85EEF7BACEF00360B504426F915D60D1EBB48A80CF60
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 52dc234dc1de178baf8d02ede78bef81e070afc6f650b193e90c9d93eedca807
• Instruction ID: f3232c7b47ac415434b9fd4d16a879ae35c0c81b4c0913355973f74fa4427eaa
• Opcode Fuzzy Hash: 52dc234dc1de178baf8d02ede78bef81e070afc6f650b193e90c9d93eedca807
• Instruction Fuzzy Hash: 93016DB260961A7EFA61267C6CC5F67661DFF837B8F340329F621E19D2DB708C005161
APIs
• SendMessageW.USER32(?,000000B0,?,?), ref: 008D1A47
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 008D1A59
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 008D1A6F
• SendMessageW.USER32(?,000000C9,?,00000000), ref: 008D1A8A
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: MessageSend
• String ID:
• API String ID: 3850602802-0
• Opcode ID: 5dcc9b6afedc5e3c71d9944bbcb4094abdfa7c092d005082138479a3438b8404
• Instruction ID: 7361664f1844f80406830c98c3d4fcfabdb7f3302f94880595f0fa6ce5f221ff
• Opcode Fuzzy Hash: 5dcc9b6afedc5e3c71d9944bbcb4094abdfa7c092d005082138479a3438b8404
• Instruction Fuzzy Hash: 1211273A901229FFEF109BA4C985FADBB78FF08750F200192EA00B7290D7716E50DB94
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetCurrentThreadId.KERNEL32 ref: 008DE1FD
                                                                                                                                                                                                                                                                                                                                                                        • MessageBoxW.USER32(?,?,?,?), ref: 008DE230
                                                                                                                                                                                                                                                                                                                                                                        • WaitForSingleObject.KERNEL32(00000000,000000FF,?,?,?,?), ref: 008DE246
                                                                                                                                                                                                                                                                                                                                                                        • CloseHandle.KERNEL32(00000000,?,?,?,?), ref: 008DE24D
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CloseCurrentHandleMessageObjectSingleThreadWait
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2880819207-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 4f570dee2fd1cc2eaf606955d2a51511c6ef8a1ef13676eb7cde5c594e37ba4e
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 64172da56268488cd9f68dfe7456a13a9f84e239659fc2d628da29be89adb621
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 4f570dee2fd1cc2eaf606955d2a51511c6ef8a1ef13676eb7cde5c594e37ba4e
• Instruction Fuzzy Hash: 6A11DBB6928258BFC701AFA89C05E9F7FACEB45710F14435AF924E7391D670DD0497A0
APIs
• CreateThread.KERNEL32(00000000,?,0089CFF9,00000000,00000004,00000000), ref: 0089D218
• GetLastError.KERNEL32 ref: 0089D224
• __dosmaperr.LIBCMT ref: 0089D22B
• ResumeThread.KERNEL32(00000000), ref: 0089D249
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Thread$CreateErrorLastResume__dosmaperr
• String ID:
• API String ID: 173952441-0
• Opcode ID: 393c269da10c409e4743244918a47c1945ab4d8d8968f3e8bf65f350bb444821
• Instruction ID: ac22ae99696c1bf5b25a848f0e6a91d527c002a557dd1a132e630eb381e4ff3a
• Instruction Fuzzy Hash: 96012272818308BBCF207BE9DC09BAA7A68FF81730F280319F924D21D0CB71D900D6A1
APIs
• CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0087604C
• GetStockObject.GDI32(00000011), ref: 00876060
• SendMessageW.USER32(00000000,00000030,00000000), ref: 0087606A
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: CreateMessageObjectSendStockWindow
• String ID:
• API String ID: 3970641297-0
• Opcode ID: 86173c418b12edabe188598d093c3452aae189a6b19083186f487dec6de478eb
• Instruction ID: 5b62158fafb7d7112e778b7287309a9aee661e2e8aeba4e656690b383a5fd128
• Instruction Fuzzy Hash: 971161B2505909BFEF124F94DC44EEA7B69FF19364F044215FA18A2164D732DC60EF90
APIs
• ___BuildCatchObject.LIBVCRUNTIME ref: 00893B56
  • Part of subcall function 00893AA3: BuildCatchObjectHelperInternal.LIBVCRUNTIME ref: 00893AD2
  • Part of subcall function 00893AA3: ___AdjustPointer.LIBCMT ref: 00893AED
• _UnwindNestedFrames.LIBCMT ref: 00893B6B
• __FrameHandler3::FrameUnwindToState.LIBVCRUNTIME ref: 00893B7C
• CallCatchBlock.LIBVCRUNTIME ref: 00893BA4
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Catch$BuildFrameObjectUnwind$AdjustBlockCallFramesHandler3::HelperInternalNestedPointerState
• String ID:
• API String ID: 737400349-0
• Opcode ID: 12ea49abee573113f57dbd3ec3a577afcc9c348439d29e6cbe32e78011ac24d3
• Instruction ID: eae911b073ff1dcc07653fb5402e2fe1e762f26e5d4d4c4c30a5f2c9bfc27b8d
• Instruction Fuzzy Hash: 1D01ED32100149BBDF116E99CC46DEB7B69FF58764F084014FE48A6121C732D961DBA1
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000800,008713C6,00000000,00000000,?,008A301A,008713C6,00000000,00000000,00000000,?,008A328B,00000006,FlsSetValue), ref: 008A30A5
                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32(?,008A301A,008713C6,00000000,00000000,00000000,?,008A328B,00000006,FlsSetValue,00912290,FlsSetValue,00000000,00000364,?,008A2E46), ref: 008A30B1
                                                                                                                                                                                                                                                                                                                                                                        • LoadLibraryExW.KERNEL32(00000000,00000000,00000000,?,008A301A,008713C6,00000000,00000000,00000000,?,008A328B,00000006,FlsSetValue,00912290,FlsSetValue,00000000), ref: 008A30BF
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: LibraryLoad$ErrorLast
• String ID:
• API String ID: 3177248105-0
APIs
• GetModuleFileNameW.KERNEL32(?,?,00000104,00000000), ref: 008D747F
• LoadTypeLibEx.OLEAUT32(?,00000002,?), ref: 008D7497
• RegisterTypeLib.OLEAUT32(?,?,00000000), ref: 008D74AC
• RegisterTypeLibForUser.OLEAUT32(?,?,00000000), ref: 008D74CA
Similarity
• API ID: Type$Register$FileLoadModuleNameUser
• String ID:
• API String ID: 1352324309-0
APIs
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,008DACD3,?,00008000), ref: 008DB0C4
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,008DACD3,?,00008000), ref: 008DB0E9
• QueryPerformanceCounter.KERNEL32(?,?,?,?,?,?,?,?,?,008DACD3,?,00008000), ref: 008DB0F3
• Sleep.KERNEL32(00000000,?,?,?,?,?,?,?,?,008DACD3,?,00008000), ref: 008DB126
Similarity
• API ID: CounterPerformanceQuerySleep
• String ID:
• API String ID: 2875609808-0
APIs
• SendMessageTimeoutW.USER32(?,00000000,00000000,00000000,00000002,00001388,?), ref: 008D2DC5
• GetWindowThreadProcessId.USER32(?,00000000), ref: 008D2DD6
• GetCurrentThreadId.KERNEL32 ref: 008D2DDD
• AttachThreadInput.USER32(00000000,?,00000000,00000000), ref: 008D2DE4
Similarity
• API ID: Thread$AttachCurrentInputMessageProcessSendTimeoutWindow
• String ID:
• API String ID: 2710830443-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 55b2b9ef52d519e58adc220e451b98d8dd0e82da34eeb15f1d5116c37d4b5ebd
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 97ac82998d7156cffad0135553700d712af2f74e9d3af452d93d61d677104b2a
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 55b2b9ef52d519e58adc220e451b98d8dd0e82da34eeb15f1d5116c37d4b5ebd
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: CAE06DB21192287AD7201B629C0DEEB3F6DFB56BA1F000316B105D11809AA18880D6B0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00889639: ExtCreatePen.GDI32(?,?,00000000,00000000,00000000,?,00000000), ref: 00889693
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00889639: SelectObject.GDI32(?,00000000), ref: 008896A2
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00889639: BeginPath.GDI32(?), ref: 008896B9
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00889639: SelectObject.GDI32(?,00000000), ref: 008896E2
                                                                                                                                                                                                                                                                                                                                                                        • MoveToEx.GDI32(?,00000000,00000000,00000000), ref: 00908887
                                                                                                                                                                                                                                                                                                                                                                        • LineTo.GDI32(?,?,?), ref: 00908894
                                                                                                                                                                                                                                                                                                                                                                        • EndPath.GDI32(?), ref: 009088A4
                                                                                                                                                                                                                                                                                                                                                                        • StrokePath.GDI32(?), ref: 009088B2
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Path$ObjectSelect$BeginCreateLineMoveStroke
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1539411459-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 6a948177a6b79092061ff7f84921b221d746e126dc9ecbcfa666e9a7a7f68cf7
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 11e2f9a638668f1d3a095f3c28bf7aa6df00e2011647d69a6b6d888bf500621b
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 6a948177a6b79092061ff7f84921b221d746e126dc9ecbcfa666e9a7a7f68cf7
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 3BF03A36159259FAEB126F94AC09FCA3E69AF06310F048100FA11650E1C7755551EBE5
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetSysColor.USER32(00000008), ref: 008898CC
                                                                                                                                                                                                                                                                                                                                                                        • SetTextColor.GDI32(?,?), ref: 008898D6
                                                                                                                                                                                                                                                                                                                                                                        • SetBkMode.GDI32(?,00000001), ref: 008898E9
                                                                                                                                                                                                                                                                                                                                                                        • GetStockObject.GDI32(00000005), ref: 008898F1
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Color$ModeObjectStockText
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 4037423528-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f97f1c75099ddd8e87af30e55590db6df2f373410ef7a3f00c162e9ce318517c
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 204dcae7bfd8f40267977153f42c2911ec3e6c2ee033a3c0587819d4307ff76d
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f97f1c75099ddd8e87af30e55590db6df2f373410ef7a3f00c162e9ce318517c
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2DE06D7125C280AEDB215B74AC09BE83F20FB12336F048319FAFA980E1C3718650AF10
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetCurrentThread.KERNEL32 ref: 008D1634
                                                                                                                                                                                                                                                                                                                                                                        • OpenThreadToken.ADVAPI32(00000000,?,?,?,008D11D9), ref: 008D163B
                                                                                                                                                                                                                                                                                                                                                                        • GetCurrentProcess.KERNEL32(00000028,?,?,?,?,008D11D9), ref: 008D1648
                                                                                                                                                                                                                                                                                                                                                                        • OpenProcessToken.ADVAPI32(00000000,?,?,?,008D11D9), ref: 008D164F
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: CurrentOpenProcessThreadToken
• String ID:
• API String ID: 3974789173-0
• Opcode ID: 5e34647a52042f04976b7afdca5e87396326f74e94cff04cbf2335bf175af823
• Instruction ID: 07dfb73e8fbd8c95e93e7b3911a097d02702a2df6128b4182b9a258b5f80b09e
• Opcode Fuzzy Hash: 5e34647a52042f04976b7afdca5e87396326f74e94cff04cbf2335bf175af823
• Instruction Fuzzy Hash: B1E08CB261A211EFEB201FA0AE0DB863B7CFF54B92F148A09F245D9080E6348440EB60
APIs
• GetDesktopWindow.USER32 ref: 008CD858
• GetDC.USER32(00000000), ref: 008CD862
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 008CD882
• ReleaseDC.USER32(?), ref: 008CD8A3
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: b67e15ebc022ae3d22247a7fc9800907652f7b5abee7cd8ab6d396aa6c5a5ab4
• Instruction ID: a8a3724305b6cb46346354152c3c00723929cf3fb52bb206c208e337816ce67d
• Opcode Fuzzy Hash: b67e15ebc022ae3d22247a7fc9800907652f7b5abee7cd8ab6d396aa6c5a5ab4
• Instruction Fuzzy Hash: 13E01AB0814209DFCF51AFA0D80CA6DBBB1FB08310F108519F846E7250CB399901BF50
APIs
• GetDesktopWindow.USER32 ref: 008CD86C
• GetDC.USER32(00000000), ref: 008CD876
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 008CD882
• ReleaseDC.USER32(?), ref: 008CD8A3
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: d4860634b4d5a9ba4e581047ec89e24cb1cf4e96cabb7b0cd2c08c90f52ef9f4
• Instruction ID: 34809a0f4d7a7edd407b14a20cd14b2c652993b389f03830a8371a932cb863e3
• Opcode Fuzzy Hash: d4860634b4d5a9ba4e581047ec89e24cb1cf4e96cabb7b0cd2c08c90f52ef9f4
• Instruction Fuzzy Hash: D8E092B5818209EFCF61AFA4D80C66DBBB5FB08311F149549E94AE7290CB799901BF50
APIs
• Part of subcall function 00877620: _wcslen.LIBCMT ref: 00877625
• WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 008E4ED4
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Connection_wcslen
• String ID: *$LPT
• API String ID: 1725874428-3443410124
• Opcode ID: 561f9db6dd44e682c91d88a7744dd495ea5e2f86f7ff49864d78cc1dcc2fb42d
• Instruction ID: 9b3b7144724a86e3260f4a8721b20d73af72d2c672fe8a88bf82fb5cc75dfbf8
• Opcode Fuzzy Hash: 561f9db6dd44e682c91d88a7744dd495ea5e2f86f7ff49864d78cc1dcc2fb42d
• Instruction Fuzzy Hash: A5916D75A042449FCB14DF59C484EAABBF1FF45718F189099E80A9F3A2CB31ED85CB91
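The three entries above are the Joe Sandbox IDA plugin's per-function view: an API chain with call-site addresses, the memory dump the function was lifted from, and similarity identifiers. Two of them share API String ID 2889604237-0 (the same GetDesktopWindow/GetDC/GetDeviceCaps/ReleaseDC chain) yet carry different Opcode IDs, which is the kind of pattern worth pivoting on across reports. The following Python is an added example, not part of the report or of Joe Sandbox's tooling: it parses entries in this text layout into API chains, labels the GetDeviceCaps index (0x0C is BITSPIXEL, the desktop colour depth, per wingdi.h), turns call-site addresses into offsets from the dump base given after "Offset:", and groups functions by API String ID. The sample input is the three entries above pasted as a string with the repeated "Associated:" lines left out; treating "Offset:" as the dump base and "$" as the separator inside "String ID" are assumptions read off the layout, not documented behaviour.

```python
"""Parse Joe Sandbox IDA-plugin function entries in the text layout shown above."""
import re
from collections import defaultdict

# Constructed sample: the three complete entries above, "Associated:" lines omitted.
SAMPLE = """\
APIs
• GetDesktopWindow.USER32 ref: 008CD858
• GetDC.USER32(00000000), ref: 008CD862
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 008CD882
• ReleaseDC.USER32(?), ref: 008CD8A3
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: b67e15ebc022ae3d22247a7fc9800907652f7b5abee7cd8ab6d396aa6c5a5ab4
• Instruction Fuzzy Hash: 13E01AB0814209DFCF51AFA0D80CA6DBBB1FB08310F108519F846E7250CB399901BF50
APIs
• GetDesktopWindow.USER32 ref: 008CD86C
• GetDC.USER32(00000000), ref: 008CD876
• GetDeviceCaps.GDI32(00000000,0000000C), ref: 008CD882
• ReleaseDC.USER32(?), ref: 008CD8A3
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
Similarity
• API ID: CapsDesktopDeviceReleaseWindow
• String ID:
• API String ID: 2889604237-0
• Opcode ID: d4860634b4d5a9ba4e581047ec89e24cb1cf4e96cabb7b0cd2c08c90f52ef9f4
• Instruction Fuzzy Hash: D8E092B5818209EFCF61AFA4D80C66DBBB5FB08311F149549E94AE7290CB799901BF50
APIs
• Part of subcall function 00877620: _wcslen.LIBCMT ref: 00877625
• WNetUseConnectionW.MPR(00000000,?,0000002A,00000000,?,?,0000002A,?), ref: 008E4ED4
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
Similarity
• API ID: Connection_wcslen
• String ID: *$LPT
• API String ID: 1725874428-3443410124
• Opcode ID: 561f9db6dd44e682c91d88a7744dd495ea5e2f86f7ff49864d78cc1dcc2fb42d
• Instruction Fuzzy Hash: A5916D75A042449FCB14DF59C484EAABBF1FF45718F189099E80A9F3A2CB31ED85CB91
"""

# "Name.MODULE(args), ref: ADDR" with optional args and optional comma.
API_RE = re.compile(r"(?P<name>[A-Za-z_]\w*)\.(?P<module>[A-Z0-9]+)"
                    r"(?:\((?P<args>[^)]*)\))?,?\s+ref:\s+(?P<ref>[0-9A-Fa-f]{8})")
FIELD_RE = re.compile(r"^•\s*(?P<key>API ID|String ID|API String ID|Opcode ID|"
                      r"Instruction Fuzzy Hash):\s*(?P<val>.*)$")
BASE_RE = re.compile(r"Offset:\s*(?P<base>[0-9A-Fa-f]{8})")

# GetDeviceCaps indices from wingdi.h (only those needed to label this report).
DEVICE_CAPS = {8: "HORZRES", 10: "VERTRES", 12: "BITSPIXEL", 14: "PLANES",
               88: "LOGPIXELSX", 90: "LOGPIXELSY"}


def parse_entries(text):
    """Split the text at each 'APIs' header and collect calls, fields and dump base."""
    entries, cur = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "APIs":
            cur = {"apis": [], "fields": {}, "base": None}
            entries.append(cur)
            continue
        if cur is None:
            continue
        if line.startswith("•") and "ref:" in line and (m := API_RE.search(line)):
            cur["apis"].append({"name": m["name"], "module": m["module"],
                                "args": m["args"].split(",") if m["args"] else [],
                                "ref": int(m["ref"], 16),
                                "subcall": "Part of subcall" in line})
        elif m := FIELD_RE.match(line):
            cur["fields"][m["key"]] = m["val"].strip()
        elif line.startswith("• Source File") and (m := BASE_RE.search(line)):
            cur["base"] = int(m["base"], 16)  # assumption: Offset is the dump base
    return entries


def describe_chain(entry):
    """Direct calls of the function as 'A -> B -> C', GetDeviceCaps index named."""
    parts = []
    for call in entry["apis"]:
        if call["subcall"]:
            continue
        label = call["name"]
        if call["name"] == "GetDeviceCaps" and len(call["args"]) == 2:
            idx = int(call["args"][1], 16)
            label += f"({DEVICE_CAPS.get(idx, hex(idx))})"
        parts.append(label)
    return " -> ".join(parts)


def rvas(entry):
    """Call-site addresses relative to the dump base, so they survive rebasing."""
    return [c["ref"] - entry["base"] for c in entry["apis"] if not c["subcall"]]


def strings(entry):
    """String ID split on '$' (assumed separator); empty list when no strings."""
    sid = entry["fields"].get("String ID", "")
    return sid.split("$") if sid else []


def group_by_api_string_id(entries):
    """API String ID -> list of Opcode IDs: same API chain, possibly different code."""
    groups = defaultdict(list)
    for e in entries:
        groups[e["fields"].get("API String ID")].append(e["fields"].get("Opcode ID"))
    return dict(groups)


if __name__ == "__main__":
    parsed = parse_entries(SAMPLE)
    for e in parsed:
        print(describe_chain(e), [hex(r) for r in rvas(e)], strings(e))
    print(group_by_api_string_id(parsed))
```

Run stand-alone, it prints the GetDeviceCaps(BITSPIXEL) chain twice at offsets 0x5D858.. and 0x5D86C.. from the 00870000 base, the WNetUseConnectionW function with its "*" and "LPT" strings, and a group of two Opcode IDs under API String ID 2889604237-0. Feeding it the full function list from a report (or from several reports of the same family) gives a table to pivot on API String ID and Instruction Fuzzy Hash without re-running IDA.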
APIs
• __startOneArgErrorHandling.LIBCMT ref: 0089E30D
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: ErrorHandling__start
                                                                                                                                                                                                                                                                                                                                                                        • String ID: pow
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 3213639722-2276729525
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 2682aef0f798637b6cbb4db4de30c7d7c07f7e20f8f2d42653d57a972dc1467b
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: da54123e9fb7fc0a74426fedeeca17ca2a72a2dd488fab87c338080179061da6
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 2682aef0f798637b6cbb4db4de30c7d7c07f7e20f8f2d42653d57a972dc1467b
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: A8513B61A1C20696EF15B718CD413B92FA4FB41B40F388D68F095C27EDEB358CA1BA46
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID:
                                                                                                                                                                                                                                                                                                                                                                        • String ID: #
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 0-1885708031
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: f516dfb71eee9c3dab08ec4a654482cec2fd635a799db35c2a4b62d4259e561b
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: a351477fd70cb5a76ed6ccf605df652bc7b206a8f2ee0fbd7a9da2bfb6607d0a
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: f516dfb71eee9c3dab08ec4a654482cec2fd635a799db35c2a4b62d4259e561b
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2451FF7550424ADFDB25EF28C481ABA7BB8FF25310F248059F891DB290D734DD52CBA1
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • Sleep.KERNEL32(00000000), ref: 0088F2A2
                                                                                                                                                                                                                                                                                                                                                                        • GlobalMemoryStatusEx.KERNEL32(?), ref: 0088F2BB
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: GlobalMemorySleepStatus
                                                                                                                                                                                                                                                                                                                                                                        • String ID: @
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2783356886-2766056989
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 82b46ebfda105f9531c821a3a32a0205398782ba3ec1646ab628dd832b45220c
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 3e63de8d41f2cda380b92585463029fbbc21e99274df148616a0c45be424329c
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 82b46ebfda105f9531c821a3a32a0205398782ba3ec1646ab628dd832b45220c
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 035126714187449BD320AF14DC86BAFBBF8FB95304F81885DF299811A9EF708529CB67
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • CharUpperBuffW.USER32(?,?,?,00000003,?,?), ref: 008F57E0
                                                                                                                                                                                                                                                                                                                                                                        • _wcslen.LIBCMT ref: 008F57EC
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: BuffCharUpper_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: CALLARGARRAY
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 157775604-1150593374
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: bdda12fda3583ba3cdb4d7c851144753ebc794703faaa5ce824830f692720fdc
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: c10d173ed8316420695dba7c60324b0a601e3237fd3d4c807880e426b5b7dbff
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: bdda12fda3583ba3cdb4d7c851144753ebc794703faaa5ce824830f692720fdc
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B0419F71A102099FCB14EFB8C8828BEBBB5FF59764F144129E605E7291E7349D81CB91
APIs
• _wcslen.LIBCMT ref: 008ED130
• InternetCrackUrlW.WININET(?,00000000,00000000,0000007C), ref: 008ED13A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: CrackInternet_wcslen
• String ID: |
• API String ID: 596671847-2343686810
APIs
• DestroyWindow.USER32(?,?,?,?), ref: 00903621
• MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?), ref: 0090365C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: Window$DestroyMove
• String ID: static
• API String ID: 2139405536-2160076837
APIs
• SendMessageW.USER32(00000027,00001132,00000000,?), ref: 0090461F
• SendMessageW.USER32(?,00001105,00000000,00000000), ref: 00904634
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: MessageSend
• String ID: '
• API String ID: 3850602802-1997036262
APIs
• SendMessageW.USER32(00000000,00000143,00000000,?), ref: 0090327C
• SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 00903287
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: MessageSend
• String ID: Combobox
• API String ID: 3850602802-2096851135
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 365c92bc82eb2d4bd7888f283cacac8ce12624d12b0eba142231185ba19f4d8a
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 572857d6eb36700203b86209546e8b21a9079f270a55aaf71c8272656c0712fd
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 365c92bc82eb2d4bd7888f283cacac8ce12624d12b0eba142231185ba19f4d8a
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 2311B2713042087FEF219F98DC81EBB37AEEB94364F108225F928972D0D6319D519760
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 0087600E: CreateWindowExW.USER32(?,?,?,?,?,?,?,?,?,?,00000000,?), ref: 0087604C
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 0087600E: GetStockObject.GDI32(00000011), ref: 00876060
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 0087600E: SendMessageW.USER32(00000000,00000030,00000000), ref: 0087606A
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowRect.USER32(00000000,?), ref: 0090377A
                                                                                                                                                                                                                                                                                                                                                                        • GetSysColor.USER32(00000012), ref: 00903794
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Window$ColorCreateMessageObjectRectSendStock
                                                                                                                                                                                                                                                                                                                                                                        • String ID: static
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1983116058-2160076837
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 9510b85bf27517264cbc49b4cd1e6a2db69564fe73e77d098deb1986c4a2f2bf
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: f11af5aa132ce839a19ca40f95549551e30ec25c6e1472d3c77336d3b28dbb2c
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9510b85bf27517264cbc49b4cd1e6a2db69564fe73e77d098deb1986c4a2f2bf
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: C41129B2610209AFDB00DFA8CC45EEA7BF8FB08314F004A15F955E2290E735E8619B50
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • InternetOpenW.WININET(?,00000000,00000000,00000000,00000000), ref: 008ECD7D
                                                                                                                                                                                                                                                                                                                                                                        • InternetSetOptionW.WININET(00000000,00000032,?,00000008), ref: 008ECDA6
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Internet$OpenOption
                                                                                                                                                                                                                                                                                                                                                                        • String ID: <local>
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 942729171-4266983199
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: c15e912a4ece3bdbf6043a83db0f4ccc0610e72e81d3bfe766629c3916fd4c0a
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 1811b59c37cffcd03e3587774cfb1920700a5dc6c66ab98a1c37b45b38288743
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: c15e912a4ece3bdbf6043a83db0f4ccc0610e72e81d3bfe766629c3916fd4c0a
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 4911A371B15675BED7344B678C45EE7BEADFB137A8F004226B509C2080D6659842D6F0
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • GetWindowTextLengthW.USER32(00000000), ref: 009034AB
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 009034BA
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: LengthMessageSendTextWindow
                                                                                                                                                                                                                                                                                                                                                                        • String ID: edit
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2978978980-2167791130
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: ed364ba12c6fc8cde46e86371a919c6e5414173ff4423b59d8465d925969c92f
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: abbb4b45d946affc7573829d1ba421c5dded5b3eec9a59097724021f4e7b9a9a
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: ed364ba12c6fc8cde46e86371a919c6e5414173ff4423b59d8465d925969c92f
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0611BC71100208AFEB228F64DC80AAB37AEEF05778F508724F9609B1E0C771DC91AB60
APIs
  • Part of subcall function 00879CB3: _wcslen.LIBCMT ref: 00879CBD
• CharUpperBuffW.USER32(?,?,?), ref: 008D6CB6
• _wcslen.LIBCMT ref: 008D6CC2
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: _wcslen$BuffCharUpper
• String ID: STOP
• API String ID: 1256254125-2411985666
• Opcode ID: 22a0e69c5b31fd888c900a548eca285de43ea8ca0a1c446ae6d986e556f76256
• Instruction ID: 164c64bf6c46b515edca84728f0035bfa7662594cb847b478db88a7ce8ccbbe4
• Opcode Fuzzy Hash: 22a0e69c5b31fd888c900a548eca285de43ea8ca0a1c446ae6d986e556f76256
• Instruction Fuzzy Hash: 0F010432A2452F8ACB20AFBDDC809BF37A5FB60714B000626E852D2295FA32D920C650
APIs
  • Part of subcall function 00879CB3: _wcslen.LIBCMT ref: 00879CBD
  • Part of subcall function 008D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008D3CCA
• SendMessageW.USER32(?,000001A2,000000FF,?), ref: 008D1D4C
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 390ad6032a60488fed2a5c20214053c668cdc627e4595abf08db9d3349923fb8
• Instruction ID: 950922de4d878195271afd0fb1b4d1fddb000361babf7b07bbc222004a129f00
• Opcode Fuzzy Hash: 390ad6032a60488fed2a5c20214053c668cdc627e4595abf08db9d3349923fb8
• Instruction Fuzzy Hash: 8201B571611218ABCF14EBA8CC55CFE73A9FF56354F04071AF866D73C5EB3199088662
APIs
  • Part of subcall function 00879CB3: _wcslen.LIBCMT ref: 00879CBD
  • Part of subcall function 008D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008D3CCA
• SendMessageW.USER32(?,00000180,00000000,?), ref: 008D1C46
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 6aa7e935fc74246f1c0d018128029cb97fecbf855adbe689098d46226835b8ff
• Instruction ID: ea79c314741aa9a9db1104992804e17794c7f1c4be9f4ecfa18e734213a89084
• Opcode Fuzzy Hash: 6aa7e935fc74246f1c0d018128029cb97fecbf855adbe689098d46226835b8ff
• Instruction Fuzzy Hash: 1201D4717901087ADF04EB94C956DFF73A8FF65344F10011AE446E3382EA209B0886B3
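The SendMessageW records above show only the raw uMsg constants (000001A2, 00000180, 00000182) next to a GetClassNameW check whose string IDs are ComboBox and ListBox. The following Python is an added example, not part of the Joe Sandbox report: it parses API lines of the shape the report prints and resolves those constants to their winuser.h names (LB_FINDSTRINGEXACT, LB_ADDSTRING, LB_DELETESTRING), which is consistent with these being the list-control helpers of the AutoIt runtime the detection section already points at. It also splits the .sdmp dump names into their dotted fields; reading the fifth field as a PAGE_* protection and the seventh as a MEM_* type is inferred from the values on this page (0x20 on the executable section at 0x871000, 0x02 and 0x04 on the read-only and data sections, 0x01000000 together with "based on PE: true") and is an assumption about the naming scheme, not documented Joe Sandbox format. The sample lines are copied from the records on this page.

```python
"""Decode Joe Sandbox per-function records (API lines and .sdmp dump names).

Added example, not part of the Joe Sandbox report. The sample input below is
constructed from the records shown on this page.
"""
import re

# Constructed sample: API lines exactly as the report prints them.
SAMPLE_API_LINES = [
    "Part of subcall function 00879CB3: _wcslen.LIBCMT ref: 00879CBD",
    "Part of subcall function 008D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008D3CCA",
    "SendMessageW.USER32(?,000001A2,000000FF,?), ref: 008D1D4C",
    "SendMessageW.USER32(?,00000180,00000000,?), ref: 008D1C46",
    "SendMessageW.USER32(?,00000182,?,00000000), ref: 008D1CC8",
    "CharUpperBuffW.USER32(?,?,?), ref: 008D6CB6",
]

# Constructed sample: dump names from the Memory Dump Source rows.
SAMPLE_DUMP_CODE = "00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp"
SAMPLE_DUMP_DATA = "00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp"

# Control messages from winuser.h. The class-name check in the record picks
# the ListBox (LB_*) or ComboBox (CB_*) variant; the refs shown use LB_*.
LISTBOX_MSGS = {
    0x0180: "LB_ADDSTRING", 0x0182: "LB_DELETESTRING", 0x0188: "LB_GETCURSEL",
    0x0189: "LB_GETTEXT", 0x018B: "LB_GETCOUNT", 0x01A2: "LB_FINDSTRINGEXACT",
}
COMBOBOX_MSGS = {
    0x0143: "CB_ADDSTRING", 0x0144: "CB_DELETESTRING", 0x0146: "CB_GETCOUNT",
    0x0147: "CB_GETCURSEL", 0x0148: "CB_GETLBTEXT", 0x0158: "CB_FINDSTRINGEXACT",
}

# Win32 memory constants. Their use for fields 5 and 7 of the dump name is an
# ASSUMPTION inferred from the values on this page, not a documented format.
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

# Matches "Api.MODULE(arg,arg,...), ref: XXXXXXXX"; lines without an argument
# list (e.g. "_wcslen.LIBCMT ref: ...") deliberately do not match.
API_CALL = re.compile(
    r"(?P<api>[A-Za-z_]\w*)\.(?P<module>[A-Za-z_]\w*)\((?P<args>[^)]*)\),\s*ref:\s*(?P<ref>[0-9A-Fa-f]{8})"
)


def parse_api_call(line):
    """Split one report API line into api, module, args (None for '?'), ref and subcall flag."""
    m = API_CALL.search(line)
    if m is None:
        return None
    raw = m.group("args").strip()
    args = [] if raw == "" else [None if a.strip() == "?" else int(a, 16) for a in raw.split(",")]
    return {
        "api": m.group("api"),
        "module": m.group("module"),
        "args": args,
        "ref": int(m.group("ref"), 16),
        "subcall": line.lstrip().startswith("Part of subcall"),
    }


def decode_send_message(call):
    """Name the uMsg (second argument) of a SendMessageW call, or None if not decodable."""
    if call is None or call["api"] != "SendMessageW" or len(call["args"]) < 2:
        return None
    msg = call["args"][1]
    if msg is None:
        return None
    return LISTBOX_MSGS.get(msg) or COMBOBOX_MSGS.get(msg) or f"0x{msg:04X}"


def list_control_messages(lines):
    """Decoded message names for every SendMessageW in a record's API lines, in order."""
    names = [decode_send_message(parse_api_call(l)) for l in lines]
    return [n for n in names if n is not None]


def parse_dump_name(name):
    """Split a .sdmp name into its eight dotted fields; base/protect/type per the assumption above."""
    stem = name[: -len(".sdmp")] if name.endswith(".sdmp") else name
    fields = stem.split(".")
    if len(fields) != 8:
        raise ValueError(f"unexpected dump name layout: {name}")
    prot, mtype = int(fields[4], 16), int(fields[6], 16)
    return {
        "raw": fields,
        "base": int(fields[3], 16),
        "protect": PAGE_PROTECT.get(prot, f"0x{prot:08X}"),
        "type": MEM_TYPE.get(mtype, f"0x{mtype:08X}"),
    }


if __name__ == "__main__":
    for line in SAMPLE_API_LINES:
        call = parse_api_call(line)
        print(line, "->", decode_send_message(call) if call else "(no argument list)")
    for name in (SAMPLE_DUMP_CODE, SAMPLE_DUMP_DATA):
        d = parse_dump_name(name)
        print(f"{name}: base=0x{d['base']:X} {d['protect']} {d['type']}")
```

Run against the three SendMessageW records the decoded sequence is LB_FINDSTRINGEXACT, LB_ADDSTRING, LB_DELETESTRING, i.e. find-by-text, append and remove on a list control. Treat the PAGE_*/MEM_* reading of the dump name as a heuristic: it agrees with every Source/Associated row on this page, but verify it against the report's own memory-map section before relying on it elsewhere.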
APIs
  • Part of subcall function 00879CB3: _wcslen.LIBCMT ref: 00879CBD
  • Part of subcall function 008D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008D3CCA
• SendMessageW.USER32(?,00000182,?,00000000), ref: 008D1CC8
Strings
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: ClassMessageNameSend_wcslen
• String ID: ComboBox$ListBox
• API String ID: 624084870-1403004172
• Opcode ID: 9cdac2408807d8e465aef4335b342094b5c953655f7c777fe1b5cc01ed246607
• Instruction ID: 0bac762974cae7035b21b1f6df954fb7d5f79ccb7c8ebeef1af8741c74b0122c
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 9cdac2408807d8e465aef4335b342094b5c953655f7c777fe1b5cc01ed246607
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B2018FB179011876CF14EBA9CA46AFE73A8FF11344F140116A846E3381EA219F088673
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 00879CB3: _wcslen.LIBCMT ref: 00879CBD
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 008D3CA7: GetClassNameW.USER32(?,?,000000FF), ref: 008D3CCA
                                                                                                                                                                                                                                                                                                                                                                        • SendMessageW.USER32(?,0000018B,00000000,00000000), ref: 008D1DD3
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ClassMessageNameSend_wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: ComboBox$ListBox
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 624084870-1403004172
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: e40eee109b6918f00c95e0fb65165a4d376e51a026e21d8567c875182ea8f90a
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 60dc4995e01cdbfb6a2a7c9ff150dd0ec51b52c746c2d933746e4fc5edb9b7ec
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e40eee109b6918f00c95e0fb65165a4d376e51a026e21d8567c875182ea8f90a
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 22F0D671B502186ACB04A7A8CC56EFE7378FF55354F040A16F466E33C1DB609A088662
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: _wcslen
                                                                                                                                                                                                                                                                                                                                                                        • String ID: 3, 3, 16, 1
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 176396367-3042988571
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: beec4bc1fed0171431852b5fae93fa802ff5aa9676549643561b159761661e6e
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 4ca30a7bb6cd1ba5fc6cf2a2c0d6ca2e1f9b80bc83ca2d245705606bdc1d5e87
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: beec4bc1fed0171431852b5fae93fa802ff5aa9676549643561b159761661e6e
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 0EE02B0220422410A231327DACC1D7F5A89FFD9750B14282BFB81C227AEA948D9293A6
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • MessageBoxW.USER32(00000000,Error allocating memory.,AutoIt,00000010), ref: 008D0B23
                                                                                                                                                                                                                                                                                                                                                                        Strings
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: Message
                                                                                                                                                                                                                                                                                                                                                                        • String ID: AutoIt$Error allocating memory.
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 2030045667-4017498283
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: fc64efbf709e491be8a8e0bab082f4fad3783b29202a9823ff28518df0a08b48
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 9851f3a24d35a5c80e1daad12bd076017256f2f2fe2c59c9d89028d7a059e89c
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: fc64efbf709e491be8a8e0bab082f4fad3783b29202a9823ff28518df0a08b48
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 28E020712483187ED62437587C03F897BC4EF05F65F100527F798D55C38AD164A01BEA
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                          • Part of subcall function 0088F7C9: InitializeCriticalSectionAndSpinCount.KERNEL32(?,00000000,?,00890D71,?,?,?,0087100A), ref: 0088F7CE
• IsDebuggerPresent.KERNEL32(?,?,?,0087100A), ref: 00890D75
• OutputDebugStringW.KERNEL32(ERROR : Unable to initialize critical section in CAtlBaseModule,?,?,?,0087100A), ref: 00890D84
Strings
• ERROR : Unable to initialize critical section in CAtlBaseModule, xrefs: 00890D7F
Memory Dump Source
• Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
• Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
Similarity
• API ID: CountCriticalDebugDebuggerInitializeOutputPresentSectionSpinString
• String ID: ERROR : Unable to initialize critical section in CAtlBaseModule
• API String ID: 55579361-631824599
APIs
• GetTempPathW.KERNEL32(00000104,?,00000001), ref: 008E302F
• GetTempFileNameW.KERNEL32(?,aut,00000000,?), ref: 008E3044
Similarity
• API ID: Temp$FileNamePath
• String ID: aut
• API String ID: 3285503233-3010740371
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0090232C
• PostMessageW.USER32(00000000,00000111,00000197,00000000), ref: 0090233F
  • Part of subcall function 008DE97B: Sleep.KERNEL32 ref: 008DE9F3
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
APIs
• FindWindowW.USER32(Shell_TrayWnd,00000000), ref: 0090236C
• PostMessageW.USER32(00000000), ref: 00902373
  • Part of subcall function 008DE97B: Sleep.KERNEL32 ref: 008DE9F3
Similarity
• API ID: FindMessagePostSleepWindow
• String ID: Shell_TrayWnd
• API String ID: 529655941-2988720461
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: 539d9d44b0ccbaf73b8730ba8854f7ca81e5870f7501657552d7dd65c08ce876
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 395933432c89db3264f138d87c0feb3bfe271517fefa4aaa74cf3c08dda371ec
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: 539d9d44b0ccbaf73b8730ba8854f7ca81e5870f7501657552d7dd65c08ce876
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: 32D0C9B6399310BAE668B7709C4FFC66A58AB44B14F504A167646EA1D0C9A0A8019A54
                                                                                                                                                                                                                                                                                                                                                                        APIs
                                                                                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000009,?,00000000,00000000,?,?,?,00000000,?,?,?,?,?,00000000,?), ref: 008ABE93
                                                                                                                                                                                                                                                                                                                                                                        • GetLastError.KERNEL32 ref: 008ABEA1
                                                                                                                                                                                                                                                                                                                                                                        • MultiByteToWideChar.KERNEL32(?,00000001,?,?,00000000,?), ref: 008ABEFC
                                                                                                                                                                                                                                                                                                                                                                        Memory Dump Source
                                                                                                                                                                                                                                                                                                                                                                        • Source File: 00000000.00000002.1429561054.0000000000871000.00000020.00000001.01000000.00000003.sdmp, Offset: 00870000, based on PE: true
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429508700.0000000000870000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.000000000090C000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429769212.0000000000932000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1429924134.000000000093C000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        • Associated: 00000000.00000002.1430020198.0000000000944000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                                                                        Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                                                                        • Snapshot File: hcaresult_0_2_870000_gTU8ed4669.jbxd
                                                                                                                                                                                                                                                                                                                                                                        Similarity
                                                                                                                                                                                                                                                                                                                                                                        • API ID: ByteCharMultiWide$ErrorLast
                                                                                                                                                                                                                                                                                                                                                                        • String ID:
                                                                                                                                                                                                                                                                                                                                                                        • API String ID: 1717984340-0
                                                                                                                                                                                                                                                                                                                                                                        • Opcode ID: e8729af220de2fe4fa51ccf0da21c9f3f7bbfffa8b6d4bf82d7acaf24e0c5217
                                                                                                                                                                                                                                                                                                                                                                        • Instruction ID: 0b61ccf394e7bc5c74a16449df6f59b0b56f4c4e0bc91b96f7473a34fedab877
                                                                                                                                                                                                                                                                                                                                                                        • Opcode Fuzzy Hash: e8729af220de2fe4fa51ccf0da21c9f3f7bbfffa8b6d4bf82d7acaf24e0c5217
                                                                                                                                                                                                                                                                                                                                                                        • Instruction Fuzzy Hash: B7410534605206AFEF218FA8CC54AAA7BA4FF03310F184269F959D75A2EF308C10DB61